With less than three months to go until the introduction of the General Data Protection Regulation (GDPR), three-quarters of small and medium-sized enterprises have yet to even start preparing. 

GDPR includes requirements for new processes such as the employment of data controllers, privacy impact assessments and greater choice for customers, including the right to be forgotten. Businesses will also be required to disclose all data breaches to regulators. Some of the rules sound deceptively simple, but many firms will struggle to cope because they don’t even have a clear idea of what data they currently hold on customers, or where and how it is stored.

All organisations must take the GDPR seriously and SMEs are no exception. Making an investment now in order to prepare and protect your business is essential if you do not want to risk incurring penalties. Click below to find out the steps your business can take to prepare.