GDPR (General Data Protection Regulation) is a European regulation that affects how data is collected, stored and used. It doesn’t matter if you’re a major corporation or a small business: everyone is expected to conform to this. While in theory it is only supposed to apply to businesses with more than 250 employees, you are still expected to conform to the regulations if you are handling sensitive data.
In this article, we are going to look at what GDPR is and what you need to be aware of.
Of course, some people reading this may feel that because of Brexit, GDPR should not apply. There are several responses to this. The first is that although Article 50 has been triggered, this does not come into effect until 2019, and therefore European regulations still need to be followed. Furthermore, as European law is transferred into a new British law, it is likely that a lot of these regulations will be kept in place.
Second, if you do not follow GDPR regulations you could be fined. The fine you pay could be up to 4% of your annual turnover, which could significantly affect the growth of your business.
Finally, from a PR standpoint, following GDPR regulations makes it clear that you care about how you handle customers’ data and that you do so responsibly. It doesn’t matter if the information is on a mobile device or in a cloud server: you are responsible for it.
One aspect that small businesses need to be aware of is reporting data breaches. Companies need to do so straight away (ideally within 24 hours but no more than 72 hours) or face a fine. Again, this is something that they should do anyway: if customers subsequently find out about a breach, they may question whether you can be trusted with their data. In the age of social media there is always the risk that bad news could travel very fast, so it is worth having data handling policies in place before you start.
Another part of this is that customers can enquire as to how their data is being used. If it is felt that you no longer need to keep information, they can claim what is known as the “right to be forgotten” and you have to remove the information you have on them.
Find out more
Of course, it can be difficult for companies, especially if you are in the process of starting up. Do surveys from survey websites count as “your” data? What information could be considered sensitive?
Naturally, for some businesses this is more likely than for others. Fortunately, if you want to know more about this, we can help. We can look at the data you have already and gauge what issues are likely to come up.
Contact Digi Toolbox today and we can discuss what protections you will need and what you need to be aware of. With the right approach, your company can be GDPR ready regardless of size.