Corporate Compliance Insights

How SMBs Can Ensure Compliance with New Regulations

Leveraging Lessons from the GDPR Rollout to Prepare for the CCPA Now

by Campbell Hutcheson
August 9, 2019
in Data Privacy, Featured

Small and medium-sized businesses often understand the critical importance of compliance, but just as often don’t have the resources to manage it like larger organizations. Campbell Hutcheson, CCO at Datto, offers guidance to help close that gap.

As of 2018, there were 30.2 million small and medium-sized businesses (SMBs) in the U.S., accounting for 99.9 percent of all U.S. businesses. Despite their size, and despite perceptions about what it means to be an SMB, small businesses are not immune to compliance requirements and regulations. Laws such as the Health Insurance Portability and Accountability Act (HIPAA), Canada’s Anti-Spam Legislation (CASL) and the Sarbanes-Oxley Act (SOX) impose requirements on what a company can and cannot do with the data it holds about its customers.

While standards obviously vary by industry and company size, the two regulations that have garnered widespread attention over the past year are the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act of 2018, which goes into effect on January 1, 2020. Both regulations are designed to enhance privacy rights and encourage businesses of all sizes to take every necessary step to protect consumers’ personal information.

Meeting compliance requirements such as GDPR and the California Consumer Privacy Act is challenging for several reasons, from associated costs to technology requirements. SMBs in particular need to think about the regulations that apply to the operation of their own business, not in terms of how larger enterprise companies address them. SMBs aren’t just smaller versions of enterprise companies. They have their own operational processes and face unique challenges that call for SMB-specific solutions. “Enterprise-grade” or “enterprise-light” solutions are often not suited to individual SMB needs.

Most SMBs understand the critical importance of compliance, but many don’t have the resources to manage it the way larger organizations do. Complying with these regulations often requires additional investment and resources, but the cost of noncompliance and its resulting impact are often much higher.

SMB Compliance Challenges

Most SMB owners start or buy their businesses because they are passionate about what they sell or the service they provide. There is not always enough time in a day to consider compliance requirements on top of managing the technology involved in running the business, so for some SMB owners it comes as an unwelcome surprise when navigating complex regulations becomes part of their daily activities.

Compliance rules can impact many areas of a small business, including marketing, IT and administration. Here are some of the challenges that SMBs face with stricter compliance laws:

  • Data Sharing With Customers: If a customer requests what information a small business has collected about them, then the business may be obligated to share the data with them. Many businesses do not have the resources to handle such requests, nor the time to honor them.
  • Data Breaches: After establishing guidelines for how data is used and stored, businesses will want to be able to prove they are protecting consumers’ personal information and that they are prepared to be held accountable if such information is compromised in a security breach. SMBs may want to confirm that their internal processes allow them to notify the relevant parties of a data breach within 72 hours of learning about it. That is the deadline the GDPR sets for notifying the supervisory authority (Article 33); the CCPA itself does not set a notification clock, and breach notification in California continues to be governed by the state’s existing breach notification law, which requires notice without unreasonable delay.

How SMBs Can Remain Compliant with New Regulations

So, what can SMBs do to prepare for new regulations, such as the California Consumer Privacy Act? To start, they can learn from the experiences of other companies that went through the process of gaining GDPR compliance.

  • Document Early: SMBs can get ahead of requests for data by documenting early what consumer data they hold. Having a greater understanding of what personal data they have, where it came from and who it’s shared with can streamline the process if a customer requests their data.
  • Appoint a Data Protection Officer: The GDPR requires a data protection officer only in specific circumstances (Article 37), and it may not seem like one is necessary for an SMB. Even so, having a dedicated person responsible for how customer data is handled and for keeping the business in compliance may well be worth the cost of an additional employee, or of making this part of an existing role.
  • Budget: SMBs will need to budget ahead of time for any new IT infrastructure and processes that will have to be put in place, including updating the website to add language that explains consumers’ rights when it comes to their data.
  • Partnership: By partnering with a managed service provider (MSP) that handles its IT needs, an SMB can lean on that partner to perform periodic data checkups and help secure customer data. An MSP can look for things the SMB could do differently and help it develop a plan to fix mistakes or vulnerabilities before they become incidents.

Compliance is as important for small businesses as it is for large, multinational corporations. A lack of knowledge of current requirements is not an adequate excuse for failing to comply. Every SMB needs to look at how it collects, processes, shares and stores data to make sure it has the processes and policies in place to protect that data. Small businesses also need measures that facilitate data access requests and procedures that identify and report a data breach should one occur. By continuing to document, hire the right people, budget ahead of time and partner with IT experts, SMBs will be ready to meet compliance requirements and regulations, both now and in the future.


Campbell Hutcheson

Campbell Hutcheson is Chief Compliance Officer at Datto, Inc. He oversees the Datto legal team and is responsible for ensuring Datto is in compliance with a wide variety of data privacy laws, including HIPAA and GDPR. Campbell holds a classics degree from the University of Connecticut and a law degree from the University of Oxford. He now works at the intersection of data privacy, data security and regulatory compliance.
