There are few things that can get a business owner more excited than compliance (just kidding). But for small or medium business owners, compliance is becoming a more important checkbox to tick as part of business operations.
While SMBs may think that these new compliance requirements only apply to large businesses or enterprises, the reality is that they also must comply in most cases. There may be slightly different standards of care or metrics that an SMB may meet, but those standards must still be met; otherwise, an SMB may face a significant fine.
These fines can be incredibly significant, with organizations facing an average of $4 million in lost revenue due to a single non-compliance event and a 45 percent increase in the cost of non-compliance since 2011. In addition, an SMB may also face reputation impacts or disruption to business operations from legal proceedings.
Compliance standards can come in many forms, depending on the industry an SMB is in or what types of data it deals with. The Health Insurance Portability and Accountability Act (HIPAA) is an essential regulation for SMBs in healthcare, and other standards regulate how many industries handle Personally Identifiable Information (PII). Other regulations apply to financial data, HR, cybersecurity, and more.
New compliance standards have also emerged in recent years. Perhaps most significant is the European Union’s General Data Protection Regulation (GDPR), which regulates data protection and privacy across the EU. While it is focused on the EU, GDPR can apply to any business handling EU citizen data, which could apply to an SMB anywhere in the world. More than one billion Euros were collected in fines in 2021. A similar regulation was also launched in California, called the California Consumer Privacy Act of 2018.
There are many things that an SMB can do to begin a compliance program within its own business. First, an SMB should identify which regulations and compliance standards apply to its industry or line of work. Then, an SMB should determine whether it is meeting those standards and where the gaps in its practice must be closed. An SMB may need to hire a consultant to help identify these areas or adopt new tools to help manage compliance risk.
For larger organizations, 50 percent of those surveyed said they spend 6-10 percent of revenue on compliance costs. This high ticket price may not apply as much to SMBs, but it can still be costly to get started with a compliance program. While building a compliance program may be expensive in some cases, it helps an SMB prevent a potentially even more costly incident if it faces a compliance violation.
Compliance is one of many things an SMB needs to consider as its business grows. While it may not be the most exciting part of growing a business for many business owners, it can help ensure that an SMB can serve its customers and employees for many years to come.