General Data Protection Regulation: No silver bullet for small and medium-sized enterprises.

The EU General Data Protection Regulation (GDPR) presents the biggest shake-up of data protection laws for 20 years. This paper discusses its potential impact on the 26 million small and medium-sized enterprises (SMEs) that represent 99 per cent of business in the EU, and which provide two-thirds of the total private sector employment in the EU. The European Commission considers SMEs and entrepreneurship as the key to ensuring economic growth, innovation, job creation and social integration in the EU. This paper argues that for SMEs, compliance with the GDPR represents a far greater burden of regulatory duty than is appropriate and may impede their development and competitiveness against larger firms that can afford dedicated staff to manage the process, implementation and ongoing supervision of GDPR compliance. The paper looks at several areas where cloud technology has enabled SMEs to compete and win against larger global players, but suggests that under the GDPR, such technology may entail greater cost and resources. [ABSTRACT FROM AUTHOR]