Different people, different views. One thing is, however, common: many view the data protection regulation that is applicable since 25 May as a sort of data protection reform. It is a different issue, that at least the same number of people think it is an unnecessary burden.




GDPR, GDPR compliance, SME, staying in the business, investment

Considering our experience originating from many clients, from many industries and European countries we realize that lots of SMEs must face significant burden to provide the required resources to become, and even more to remain GDPR compliant.

However if we look at GDPR-compliance as a “must”, it may prove to be , even for SMEs, a future opportunity: their competitors that will not be up to the GDPR requirements may not be able to continue similar cooperation with their clients and partners. Therefore, in this respect, GDPR compliance will be a matter of staying in the business.


GDPR’s requirements constitute a single regulatory framework that actually promotes expansion of enterprises within the EU too.

Since the entry into force of the regulation all enterprises processing personal data of private people and providing services or products shall observe the EU data protection rules, this way the same rules apply to enterprises established within and outside the EU.

So far, EU enterprises had to master the application of almost 30 different data protection laws, and this segregation could have been an expensive administrative burden for enterprises targeting new markets. With the new regulation bureaucracy is reduced, the obligation of giving notification to different national data protection authorities about the data processed by the enterprise is eliminated.

Additionally, the conditions that must be fulfilled by the enterprises for transferring personal data of data subjects to non-EU countries have become simpler, while high level of protection of data transferred to abroad is ensured.


Enterprises which ensure protection of the fundamental rights of data subjects and observe the requirements of the regulation applicable to them are granted sufficient flexibility for the innovative use of big data. The regulation encourages according to the principles of its integrated data protection the enterprises to innovation, elaboration of new ideas, methods and technologies aiming at making processing of personal data more secure and at their protection.


In summary, we can say that in addition to the initial investment burden the new rules create new opportunities for companies with the use of means similar to general contract terms and mandatory corporate regulations and reduce bureaucracy by elimination of the obligation of prior notification to data protection authorities. Additionally, the rules introduce also new means for international data transfer, such as approved code of conduct and data protection certification mechanisms (data protection seals and marks).



Powered by FORTIX Consulting