How will GDPR affect small businesses?
GDPR v SMEs
The new GDPR rules come into effect next year. But how prepared are small businesses? Here’s a basic introduction to the new regulations governing how we collect, process and store personal data, which you cannot afford to ignore.
Firstly, what is GDPR?
It stands for General Data Protection Regulation and from the 25th May 2018 will be the main law on collecting and processing personal data. All EU member states must comply and while the UK is still officially an EU member, it is no exception.
What does the new GDPR do?
The GDPR has been brought about to give individuals more control with regard to how their personal data is used. If businesses do not comply with the new regulations they could be liable for a fine of up to 20 million Euros, or 4% of annual turnover – whichever is higher.
So, the new law gives the individual more rights and the company itself has greater responsibility. The Information Commissioner’s Office (ICO) is responsible for imposing fines and penalties if you don’t comply with the new regulations.
What needs to be done to comply with the new GDPR regulations?
Firstly, you need to look at all personal data your company holds and carry out a data audit.
Things you need to consider are:
• How the data is obtained and used
• Where and how it is stored, and is this secure?
• Is it shared with anyone else?
• Is the data actually needed?
In short, you need to know what data you hold, what risks are attached to it (for example, bank details) and how securely you hold it.
You need to be seen to be doing all these things, and reducing the risk of any kind of security breach is key.
If there is any kind of breach, you must inform the ICO within 72 hours.
Data Protection Officers
If your business employs more than 250 people or you undertake ‘large scale processing of data’, you must appoint a Data Protection Officer (DPO).
Even if your business is smaller, it’s worth appointing a person to be across all GDPR-related issues – especially what you would do if there were a breach. This person can keep up with the new legislation to make sure your business stays compliant.
If you require more help and information, the ICO has produced a 12-step guide to preparing for the new legislation: