All of our clients receive a custom package for their business. The packages include a guide with analysis on the specific business in relation to the GDPR and they are also provided with a set of documents to be used in various scenarios. In addition, we designed a simpler version of the compliance package for starting companies.
Below are some trends we have identified on how small and medium enterprises have used our GDPR Compliance Package.
Established companies which have been in business for at least 5-6 years
These companies in the EU are familiar with bureaucracy and are used to it. They traditionally associate legal compliance with receiving a certain license or permit and ensuring they have a set of necessary documents.
Directors of established companies will often ask us if they need to register at a supervisory authority or wait for a permit in order to process personal data. They are not really interested in the essence of the GDPR rules since they have already encountered a ton of compliance issues with various laws in the past. They just expect to be presented with a simple procedure which ensures that everything is OK in case of an inspection. Our set of documents and recommendations for measures are the most useful for them.
Startups
Starting companies have a different approach towards the GDPR, especially if they operate in the area of e-commerce or have a strong online presence. Startups want to understand the data protection rules and mainly the data subject rights. They focus on the customer, rather than on the supervisory authority. These companies want to assure the users that their rights are respected and not violated. For them the descriptive and analytical part of our compliance package is more useful.
We prefer the second approach to GDPR. The regulation is indeed individual-centric and focuses on the rights of individuals regarding the processing of their personal data. Even if avoiding sanctions is the main concern of a business, these sanctions are much more likely to be provoked by a customer complaint than by a sudden inspection from a supervisory authority.
