That's what they said about the EU VAT changes as well. "How are small businesses surprised by this new rule that comes into effect in under a month? We've been discussing it in committees they've never heard of somewhere in another country for years!"
The reality is that almost all businesses are small businesses, and most businesses are microbusinesses. These sorts of organisations don't have full time resources watching out for potential legal hurdles coming down the line in a few years. Many of them don't have full time resources at all.
It's ironic that a law where one of the main effects is to dramatically increase notification requirements has resulted in barely any media coverage and no notification from any official sources to any of my businesses yet. What media coverage there has been mostly seems to have been prompted by people being surprised by the sudden wave of privacy-related emails. So, how is this not going to be a surprise move for millions of small businesses if no-one did anything to tell them about it?
Please, I work for a "small" business and the management have been going on about it for months.
If you run a business and were not aware of GDPR then you incompetent or employ people who are feeding you bad information.
Seems like these businesses who are not "aware" of it are exactly the type that would have other bad practices that will leak personal data of their customers.
If you run a business and were not aware of GDPR then you incompetent or employ people who are feeding you bad information.
Why? Most businesses are very small and don't have any sort of in-house legal team, and won't go actively looking for expensive external legal advice if they aren't aware that they have a need to.
Seems like these businesses who are not "aware" of it are exactly the type that would have other bad practices that will leak personal data of their customers.
That is an entirely unfounded assumption. There is literally no relationship between being technically competent in protecting personal data, having a positive attitude towards respecting privacy, and being aware of new laws coming out of the EU.
Yes, and talks first started in 1996, and yet here we are today with massive problems because small business, and especially self-employed startups etc don't have an on-call lawyer that knows everything about EU regulation. Or anyone. They wont' have heard of this from anyone until it hit the news, only a few months ago. Is a few months enough to understand and become fully GDPR compliant? Probably not. Do you know all the EU laws currently in the works that are going to affect your website 5 years from now? Probably also not.
The reality is that almost all businesses are small businesses, and most businesses are microbusinesses. These sorts of organisations don't have full time resources watching out for potential legal hurdles coming down the line in a few years. Many of them don't have full time resources at all.
It's ironic that a law where one of the main effects is to dramatically increase notification requirements has resulted in barely any media coverage and no notification from any official sources to any of my businesses yet. What media coverage there has been mostly seems to have been prompted by people being surprised by the sudden wave of privacy-related emails. So, how is this not going to be a surprise move for millions of small businesses if no-one did anything to tell them about it?