Regulation and data protection in small businesses
By Martin Atherton
In a nutshell:
When it comes to data protection and information security regulations, the outlook for small
businesses in EMEA is in the balance. On one hand, their awareness of the requirements and
obligations they are under is good. However, in practice, capabilities to meet those obligations
are weaker than they should be and technologies that can help are under-exploited.
- Regulation does matter to smaller businesses. Many have policies in place to guide
them, but policies don’t always equal processes and capabilities
- Cracks appear when we examine the ways in which small businesses ‘do’ compliance:
Less than a third have anything formal in place to help them achieve it
- Small businesses are taking unnecessary risks: Most have no way of managing
information retention, deletion and archiving or discovery, or rely on manual techniques
- It is possible to address these areas with relatively little effort and cost to gain significant
benefits such as the protection of information assets and ultimately, the business.