For many small businesses across the UK, preparing for the introduction of the General Data Protection Regulation (GDPR) has not been a priority. GDPR is an EU regulation that replaces the 1995 Data Protection Directive. It is designed to harmonise data protection law across the EU and to give individuals more control over what businesses and organisations do with their personal data.
The new rules apply from 25 May 2018, and failing to comply can lead to fines of up to €20 million or 4% of a company's annual worldwide turnover, whichever is higher, so businesses that have not already started preparing for GDPR should do so now. It comes into force long before Brexit is finalised, and even after that, equivalent rules in the Data Protection Bill will remain the governing law in the UK, so compliance is still essential in the long term.
Here are just three top tips that can help your business prepare for GDPR.
1. Learn what GDPR is and find out what you have to do
One of the main reasons GDPR was passed is to make businesses accountable for how they protect personal data and for what happens when it is lost or breached. Under the regulation, businesses must implement appropriate technical and organisational security measures for the personal data they hold, and they must report personal data breaches to the supervisory authority without undue delay (within 72 hours where feasible). That means understanding how attackers might try to compromise the data you store, not just filing paperwork.
The Information Commissioner's Office (ICO) is the UK's supervisory authority. It is an independent body sponsored by the Department for Digital, Culture, Media and Sport, and its website is the best resource for learning what your business has to do to comply. The ICO has published an online guide, updated regularly, to help companies prepare for GDPR.
2. Know whether your current IT security policy needs adapting
Knowing what the new regulations mean for your business is half the battle, but it is just as important to look at how your company handles data today: what types of personal data you collect from customers and clients, where it is stored, who can access it, and which third parties process it on your behalf. A key rule in GDPR is the right to erasure: individuals can ask you to delete their personal data, and although the right is not absolute, when it applies you must be able to find and delete that person's data across every system that holds it, including backups and any suppliers that process it for you. If you cannot currently say where a given individual's data lives, this will mean changing how your company records and stores its data.
Being adequately prepared for GDPR is vitally important
The regulations are to be taken seriously: the ICO can investigate complaints, audit organisations and impose the fines described above, so it is essential to get your new policy ready as soon as possible and to make sure the whole business knows what it requires and is prepared to comply.
To find out more about the GDPR and the steps you need to take in order for your business to comply, I strongly advise that you visit the ICO website to read their overview of the GDPR and steps you can take to prepare.
In addition, the ICO runs a dedicated advice line for small organisations preparing for GDPR: 0303 123 1113 (select option 4 to be put through to staff who can offer support).
If you’d like some legal guidance on ensuring your compliance, I recommend contacting the KoffeKlatch small business legal team for advice.
Disclaimer: the information in this blog will not guarantee your compliance. It is intended to highlight the importance of the GDPR and give you a starting point to help you prepare for it. Please seek legal advice for further clarification.