Indeed, when it comes to fines, few small firms have received a hefty fine to date. Although the big firms get the hefty fines, the bulk of the cases brought before the national supervisory authorities involve small and medium-sized firms.
What is important to realise is that 90% of cases come about not because of the regulator spontaneously knocking on your door, but through complaints from customers, staff or suppliers, especially when those relationships turn sour for one reason or another.
That said, even if you are not too concerned about relationships turning sour, the reality is simply that data is only going to be more important to your firm, its customers and suppliers going forward. Why would you base a strategic business decision on the probability of any challenges or regulatory fines?
Although you might think of GDPR as an insurmountable pile of rules and jargon, we can assure you it is more of a mindset than anything else!
More than anything else, GDPR wants organisations small and large to pause for a second and reflect on the personal data they hold and why they hold it, so they can inform those involved and be more mindful of the privacy and security implications. Being more mindful of the personal data you hold, use and share on your customers, staff and partners is surely the right thing to do. Other considerations are:
- Increasingly, customers will only buy from firms that they trust with their data
- GDPR allows customers to challenge you on your privacy and security stance and, if not satisfied, file a complaint with the regulator
- You also store personal data on your staff and, increasingly, staff are using their GDPR rights in labour disputes
- By getting your GDPR in order, you will also gain better insight into what data you store and where; instructing your IT partner to beef up security is then a logical next step and will help to deter the hackers and pranksters out there
- GDPR is considered by the EU as the cornerstone of the EU’s digital action, so there will be even more focus on this in the future.
In short, doing nothing is a high-risk strategy. The smart money is on you joining GDPRWise now and using GDPR to your advantage!