Besides the well-known and punitive fines which are stipulated by the General Data Protection Regulation and which may be lethal to small and medium-sized companies (SMEs), there are other risks and facts which are often overlooked by SMEs:

1. Reputation risk – the penalties imposed and public information on company data breaches will definitely affect the company’s reputation and will bring additional costs.

2. Profit drop – More and more potential clients and partners are choosing to collaborate and transfer their data only to companies able to ensure proper protection.

3. Many cases of loss or disclosure of personal data happened because of the negligence and ignorance of one employee of the company, for which the company will be responsible in the first place.

4. Supply Chain Risk – SMEs are an easy victim of cyber crime and thus a potential entry point to larger enterprise IT systems.

5. The number of complaints has grown significantly – data subjects are increasingly reaching out to EU data protection supervisory authorities to be consulted on GDPR and to submit complaints about companies which violate their rights. Overall, 144 376 complaints have been submitted, since March 2018.

6. 43% of cyber attacks target SMEs.

7. 60% of small businesses go out of business within 6 months of a cyber attack.

Marina Briškena

Lawyer, DPO