We’re living in an increasingly digital world – that much is certain. But as more of our everyday transactions move online, businesses and individuals face a greater risk of fraud. At the same time, data breaches are becoming more targeted as attackers refine their tactics and tooling.
The result is that businesses are subject to ever more stringent compliance regulations as part of the fight back against fraud. That’s fair enough – we all want our data and transactions protected. But for SMEs, meeting compliance rules can be a real challenge, arguably more so than for their larger enterprise counterparts, which are likely to have dedicated IT resources and established compliance policies.
Nevertheless, with SMEs subject to the same level of regulations as all other businesses, they’ve got no choice but to keep up and get themselves compliant.
Getting aligned with GDPR, PCI DSS and MiFID II
With regulations coming at businesses from what feels like all sides, it’s no wonder SMEs are concerned about making sure they’ve dotted the i’s and crossed the t’s when it comes to compliance. SMEs should start by working out which regulations apply to them, pinpointing potential compliance gaps in their own organisations and taking steps to get aligned.
MiFID II (the updated Markets in Financial Instruments Directive) has applied since January 2018. It demands several changes to business conduct for firms in the financial services industry, including tightened rules on recording and retaining telephone conversations and electronic communications that relate to client orders, which must be kept for at least five years.
Meanwhile, the deadline for GDPR compliance is creeping up fast. From 25 May 2018, any business that collects, processes or stores personal data on individuals in the EU must abide by the new regulation. Failure to do so could mean severe consequences – namely fines of up to €20 million or 4% of global annual turnover, whichever is higher – which would be crippling for many SMEs: the difference, perhaps, between remaining a viable business and not.
Alongside these sits PCI DSS (the Payment Card Industry Data Security Standard). It is not a law but a contractual requirement imposed by the card brands and acquiring banks on any business that stores, processes or transmits cardholder data – an area that is, by its very nature, a common target for fraud.