Data breach knows no borders: What small businesses need to know about international privacy law

For National Small Business Week, Shred-it is reminding small business owners they could face strict new international privacy rules next year - and many don't even know it.

OAKVILLE, ON, Oct. 12, 2017 /CNW/ - As the Internet makes it easier than ever to do business around the world, Canadian small businesses may find themselves increasingly subject to privacy laws in other countries. Yet only one in seven (14 per cent) Canadian small business owners know about the impending General Data Protection Regulation (GDPR), according to Shred-it's 2017 Security Tracker conducted by Ipsos.

In May 2018, the GDPR will introduce sweeping new data protection requirements for businesses that process European Union (EU) citizens' personal data. The GDPR comes with heavy penalties for businesses of any size and in any country - including Canada - that are non-compliant.

Not only are most Canadian small business owners unaware of the GDPR, but many are far from meeting the GDPR's data protection standards. The Security Tracker revealed over a third (37 per cent) of small business owners never audit their company's information security procedures and less than half (45 per cent) claim to have a strong understanding of their legal requirements to protect data.

"In today's globalized business environment, the GDPR will affect not only multi-nationals but also small businesses that have transactions with EU citizens," says Paul Saabas, Vice President at Shred-it. "Even if you're not subject to the GDPR, your small business will benefit from strengthening its information security practices. As more and more personal data is transferred across borders, consumers may start to seek out businesses that meet both local and international privacy standards."

Throughout National Small Business Week, running October 15 - 21, 2017, Shred-it is encouraging small business owners to consider these three tips to help them strengthen their information security practices and prepare for the GDPR:

    1. Know what you don't know The first step in becoming compliant with any
       legislation is to know what data your business processes, where it's
       stored and what the risks are. Audit both the data your business keeps -
       whether on hard drives, premise servers or paper files - as well as the
       data processed by third parties, such as your cloud storage providers.
       The GDPR mandates regular Privacy Impact Assessments (PIAs) to identify
       privacy risks in projects or initiatives. Carry out PIAs in the early
       stages of any project so that data protection is part of your thinking
       from the beginning.



    2. Educate, inform, coach All employees share the responsibility to protect
       sensitive data and keep your business compliant. The GDPR mandates
       'privacy by design' in some cases, which requires businesses to build
       data protection measures into staff training and human resource policies.
       Get ahead of the curve and start teaching your employees about data
       protection and information security now. As the saying goes, 'knowledge
       is power' - and knowledge can save your business from the significant
       legal consequences or reputational damage of a data breach.

    3. Ask an expert When it comes to changes in legislation, don't take your
       chances - especially with something as important as privacy compliance.
       Speak to an external legal expert who can help you understand if or how
       the GDPR affects your business, as well as your requirements for privacy
       protection in Canada.

For more information about preparing for the GDPR, visit Shred-it's blog. Also, download the 2017 State of the Industry report to learn more about common information security trends and emerging challenges.

About Shred-it

Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. Shred-it, a Stericycle solution, operates in 170 markets throughout 18 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit www.shredit.com.

SOURCE Shred-it