25th May is just around the corner, and with it the deadline for getting your head around the European General Data Protection Regulation (GDPR). You should have your ducks in a row and ready, but do you? Do you know everything you need to know about GDPR and what it means for your small business?
What does the GDPR mean for my small business?
Well, it means a lot. There’s no getting around it, you need to put some steps in place to be ready come 25th May. There are regulations you have to comply with concerning the storage and usage of personal data. Get it wrong and you could be facing some hefty fines.
This isn’t meant to instil fear. We, and the government, know that for small businesses such challenges can often be greater. Therefore, the goalposts are slightly different for small organisations, specifically those with fewer than 250 employees. In fact, Article 30 stipulates that such small businesses won’t actually be bound by GDPR.
But hang on, that doesn’t mean you shouldn’t prepare. If the nature of the data you handle is likely to pose a risk to the rights and freedoms of an individual, the rules still apply to you no matter how big your organisation is. This also applies if the data you process is deemed ‘special’ (as stipulated in Article 9).
In a nutshell
The GDPR is all about putting individuals back in control of their own personal data as well as making a simpler regulatory environment across the EU. Despite the UK’s decision to leave the EU, GDPR will still be going ahead here.
What do you need to know about the GDPR?
It’s not just about the penalties imposed by the GDPR itself. Individuals themselves can seek compensation from you if you mess up where their data is concerned.
You also need to know what is deemed good practice and what your responsibilities are. For example, if your business experiences a data security breach you’ll have a responsibility to report it immediately to the Information Commissioner’s Office (ICO).
You also need to make sure that individuals can be ‘forgotten’ should you no longer need to hold or use their data. You need systems which make that a) possible and b) simple.
As a rule of thumb, consider how often you’re handling personal data. That will involve not just customers, but also employees and suppliers. If you handle this data routinely then you need to comply with the GDPR.
The area on which you need to focus your attention is your procedures and systems. With the right tools and data management systems you’ll find you’re able to comply with the GDPR without too much trouble.
Are you GDPR ready? How are you preparing? Please share your thoughts in the comments.