With the European General Data Protection Regulation (GDPR) effective date pinned at 25/05/18, the UK is gearing up for tougher fines and stricter regulations across all industries. GDPR regulation for small businesses is a hot topic, but are you prepared for the changes? It’s a wide-ranging regulation designed to protect the privacy of individuals in the European Union (EU) and give them control over how their personal data is processed, including how it’s collected, stored and used.
It affects every company in the world that processes personal data about people in the EU. In summary, there are many aspects to GDPR for small business, but it really boils down to being clear and ethical with the personal data you process: treating it as you’d treat something valuable of your own. Some initial practical steps you can take to get GDPR compliant are:
Check products and services
• Check which of your products or services collect and process personal data.
• Make sure you have a legal basis for the processing of personal data.
• Make sure you can comply with the obligations to your customers as set out in the GDPR (such as the right of access and the right of erasure).
Review notices and contracts
• Update your internal and external notices for GDPR compliance.
• Ensure your customer contracts are GDPR compliant.
• Make someone in your organisation responsible for data protection and privacy.
• Consider whether you need to appoint a Data Protection Officer – check out the ICO’s guidance for more info.
• Provide data protection training for staff.
Take care over security
• Ensure systems that collect, process and store personal data are secure.
GDPR is complicated – why should I care?
It’s easy for small companies with a stack of to-dos to see the GDPR as a burden. But in reality, it’s something that can be used to your advantage, adding value to your business.
By proving to potential and existing customers that your organisation is compliant with new laws that protect the rights of citizens just like you (and your customers), you could bring in more business.
No one likes having their data lost, stolen, damaged, misused or shared without proper consent, and doing everything you can to protect your customers and grow their trust could be a unique selling point.
So, from fines to compensation claims, there are certainly serious reasons to get GDPR-compliant. But on a real-world level, see it as being worth your while to get organised behind the scenes, earn your customers’ trust, and be the company that respects personal data, rather than letting it sit on a long-forgotten spreadsheet.