October 11, 2022

Last Updated on January 19, 2024

Many SMEs still don’t have robust privacy programs, but that’s changing fast. Unlike bigger businesses, most of these orgs aren’t under intense regulatory pressure to comply with privacy laws like GDPR or the California Privacy Rights Act (CPRA). So, what’s finally putting privacy on SMEs’ radar?

To discuss today’s privacy space and how businesses of all sizes are leveraging technology to identify personal data and other sensitive data, Dimitri Sirota, CEO at BigID, joined a recent episode of The Virtual CISO Podcast. The show’s host is John Verry, Pivot Point Security CISO and Managing Partner.

Just get something up and running

Dimitri notes that multinationals and SMEs have different drivers for their privacy programs. Big companies have many customers that want to exercise privacy rights like deleting or correcting their personal data. They also face significant compliance pressure from regulators and their boards.

Most SMEs don’t need “letter of the law” compliance with privacy statutes like GDPR or the California Privacy Rights Act (CPRA), which requires a highly granular ability to identify personal data.

“They literally just want to get something up and running,” Dimitri notes. “Secondly, they want to integrate [their privacy controls] with some other things like data security.”

The question Dimitri hears from SMEs is, “Is there a way to combine everything I need around securing my data and also protecting the integrity of my data for my customers?”

Customers are de facto auditors

According to Dimitri, customers are a potent force for SMEs implementing privacy programs.

“If they’re asking for their data or they’re instructing you in terms of how they want to allow you to share and sell the data, then you need to abide by that,” asserts Dimitri. “Part of what drives companies to do something is really more around the fact that they don’t want to offend their customers.”

But for SMEs, the big challenge is making it simple to manage customer data that is stored in multiple cloud-based repositories, from Salesforce to Zendesk to Microsoft 365. This is why BigID recently launched its new SMB/SME solution, SmallID—a lightweight SaaS tool that bundles basic data protection and data privacy.

What’s next?

To hear this show with privacy technology thought leader Dimitri Sirota, click here.

Want to build momentum around a privacy program for your org? There’s a podcast for that: EP#66 – Jason Powell – Private Practices: How to Prioritize Privacy in Your Organization



ISO 27701 Certification Guide

Discover what you need to achieve ISO 27701 certification! You are 6 simple steps away from "provable" compliance with every Privacy regulation.