How GDPR costs could widen the gap between small and large businesses

Will the gaps widen further between small and large firms?

by Reza Moaiandin, Founder, Cyber Scanner

In every line of business, there are always factors that can make breaking through to greater success seem insurmountable. While the causes change, the impact on smaller businesses never does. Online businesses currently have a new issue to tackle when it comes to the oncoming storm of the General Data Protection Regulation.

The creation of a weighted marketplace

Sometimes the costs of running a business mean that you end up with an uncompetitive marketplace. The way most people understand this is by looking at large supermarket chains. If one brand can buy a hundred times the stock of another – and can therefore lower the price of each individual unit through deals to buy in bulk – then the smaller brand has no way of competing.

It cannot cut its prices until it grows past a certain point, and it cannot grow past that point because of its higher prices. The smaller brand is stuck in a catch-22 situation, while the market leader looks more and more impossible to unseat or even challenge in any kind of fair manner. This is one way in which you end up with a stifled, uncompetitive marketplace.

However, we don’t tend to think that way about the costs faced by online businesses – but we should.

What’s facing online businesses

Just because an online business doesn’t have the same financial demands as physical stores, that doesn’t mean there aren’t costs. This makes it possible for larger, more established businesses to weather expenses that a smaller business cannot, therefore knocking those businesses out of their industries. This results in lost livelihoods, less innovation and less choice for consumers.

The looming threat on the horizon in this instance is GDPR, otherwise known as the General Data Protection Regulation. If, like many currently facing this issue, you’re wondering what that is, it’s a set of regulations in EU law that’s intended to give people control over their personal data. And in case you were wondering, no, Brexit won’t make any difference to this legislation or when it comes into effect.

This is an issue which has obviously become a very hot topic in light of the recent Facebook data breach. It’s a terribly complicated set of regulations – far too long to go into any detail here – but in the simplest terms possible, its intention is to protect your personal data and your privacy.

So, new regulations, and ones which have good justification – how much trouble could they possibly cause?

The reality of the regulations

A moment ago, we mentioned that the regulations were far too complex to go into detail here, and this is no exaggeration. Based on estimates derived from 1000 senior executives across Europe, in a piece of research known as Finding the Missing Link in GDPR Compliance, it is estimated that many businesses will spend an astonishing 172 hours a month on GDPR data searches. In other words, it requires another member of staff working full time purely on this issue.

And if you fail to meet these regulations, then the fines can be devastating, going up to over £20 million or 4% of annual turnover. This could potentially spell the end of one in five European businesses, according to Petter Nordwell, Director of Marketing at Sophos.

Who is really the hardest hit?

It’s important at this point to make clear that these regulations do go after the largest businesses harder, with tougher fines and penalties for example. Not only that, but a bigger company usually means more data, and therefore a bigger challenge to be met.

However, it will still likely impact smaller businesses more. One major issue is that small businesses simply don’t seem to be taking this as seriously as they should, cutting it very fine to the May deadline. 90% of small businesses were not fully prepared by the end of February 2018, according to the FSB, with many completely unaware of the issue.

Furthermore, there’s the simple reality of whether or not they can afford to put aside the number of work hours and the costs associated with that in order to deal with the issue in time. This is where the resources of a large business really give them an advantage.

Large, small and medium businesses are all facing this challenge. However, smaller businesses may be going in the most unprepared, or not prepared at all. They might find themselves pushed out of business in the face of tough regulations and the weight of the competition, who have better resources at their disposal.

About the Author

Reza Moaiandin is Co-Founder & Technical Director at and Cyber Scanner. He has over 16 years’ experience in software engineering and has been involved in cybersecurity for nearly 10 years. Originally, Reza worked on security bugs on PHPNuke and moved on to writing complex algorithms for phishing detection. During his last year of university, Reza designed an artificially intelligent algorithm that detected phishing websites faster than Google.

April 11, 2019
