This week marks exactly one year until EU individuals will have new rights with respect to how all businesses must protect personal data. Whether a particular business is big or small, based in the EU or based in the US, each must fully comply with the game-changing General Data Protection Regulation (GDPR).

GDPR took center stage in Berlin recently, when policymakers, businesses, and regulators from 20 countries met in Berlin at the 7th annual European Data Protection Days conference. Nearly every speaker emphasized the challenges the regulation raises for small and medium sized companies (SMEs) and the critical need for those companies to comply.

Companies of all sizes must come into compliance with the GDPR by May 2018. Many larger organizations with resources dedicated to data protection and compliance with EU law have already taken significant steps to meet the law’s requirements. But conference participants – including regulators – noted that many smaller organizations are only beginning to understand what’s required of them, and that many companies are unaware of the GDPR or that it applies to them at all.

The regulators’ focus on SMEs in their conference remarks make it clear that they will be watching to see whether and how well smaller businesses comply. Helen Dixon, data protection authority for Ireland, announced that her office is conducting research to understand which industry sectors still lack information about their obligations under the GDPR. Based on their findings, her office plans an awareness campaign to inform those businesses of their need to comply. In her remarks, Ms. Dixon cited the consumer awareness campaign initiated by Commissioner Jourová’s office, discussed in this blog on May 18th . That initiative will inform individuals about their rights under the new regulation and steps they can take to exercise those rights. Ms. Dixon suggested that the two campaigns complement each other, and will ensure that the protections promised by the regulation are realized.

It’s worth noting that in addition to meeting legal requirements, participants highlighted that GDPR compliance will be important for SMEs if they want to remain competitive. Business partners, potential customers and vendors will all want to know that companies with which they share data are compliant with law and won’t expose them to undue risk.

The discussion in Berlin made clear that the GDPR is not a law that SMEs can afford to ignore, and that they discount the risks of non-compliance at their peril. Taking steps to become GDPR-ready is critical to minimizing your legal risk, and keeping your company competitive.


Achieved Compliance – helping you navigate the complex world of data compliance.

Through its software guided review and remediation process, education tools and representation services, Achieved Compliance makes it possible for companies to take all the steps needed for meaningful compliance that meets regulators’ expectations.

For more information as to how we can help your organization be GDPR compliant please contact