
Religious or philosophical beliefs

It’s easy to see why compliance is particularly challenging for small and medium businesses. While you’re held to the same or almost the same requirements as the biggest conglomerates, you have to accomplish the same thing with far fewer resources. A company with 30 – or even 300 – employees can’t afford to assign dozens or hundreds to full-time risk management and compliance like an enterprise that employs 30,000 or more.

The consequences of non-compliance are more likely to have a devastating impact on SMBs, too. A $100,000 fine that is pocket change to a major corporation may be a significant chunk of a small firm’s profit margin. And not only are you likely to lose the trust of some of your customers if they discover that you haven’t complied with regulations, but you could even be sued for breaching their privacy.

The good news is that there are third-party compliance management companies to which you can outsource the compliance function. The bad news is that these services are often quite costly, and thus may be beyond the budget of a small company, and you lose some control over your compliance strategy (but remain solely responsible for your compliance).

It’s not all gloom and doom, though. SMBs actually do have some advantages over enterprises when it comes to compliance. You probably have fewer data subjects to worry about, less data to protect, and fewer employees, contractors, and others who have access to that data. It’s (theoretically, at least) easier to protect the data of hundreds or thousands of customers than of millions.

Privacy, policy, and security

From an IT perspective, compliance is primarily about security. While compliance guidance usually focuses on privacy and policy, security measures are the means by which you protect privacy and enforce policy.

On another happy note, there are many good compliance management software solutions that you can implement to meet compliance requirements, some of which may not scale to enterprise levels but will work well for your small or medium-sized business. These include auditing and security scanning solutions, threat management, access control, network monitoring, patch management software, and more that can be deployed to meet your specific compliance needs.

Cloud services provide built-in tools such as encryption options, identity and access management (IAM) systems, virtual network isolation, and other security tools that help to protect personal data as required by privacy regulations. When these are combined with the on-premises tools mentioned above, achieving your compliance goals becomes much more doable.


The requirements for securing data, protecting privacy, responding to customer requests regarding their personal data, and reporting to regulatory oversight agencies are growing rapidly, and so is the cost of meeting these demands. SMBs are not exempt, and in fact it’s even more important for small and medium organizations to get and stay compliant, as they don’t typically have the cash reserves to easily pay the large fines that can be assessed for non-compliance, or to withstand the loss of customers’ trust that can result.

Complying with all of the government and industry regulations that may apply to your business today is neither easy nor cheap – but it’s not as difficult or as expensive as the consequences of failing to do so.