The EU has brought in the General Data Protection Regulation (GDPR). From May 25th 2018 all businesses need to adhere to rules regarding the processing of data and ensuring it is secure. It is vital that SMEs are prepared for this, as any violation could result in serious financial penalties. Furthermore, this is something that businesses should strive for anyway, so that clients are able to trust your company. In this article we are going to look at what you should be aware of and how GDPR could potentially affect your SME.
One of the biggest concerns of GDPR is the nature of consent. It is important that businesses make it clear to people what they are consenting to, for example if you are going to use their details to send marketing emails. Furthermore, you need to allow people to opt out, and you cannot use a “pre-ticked” form, so that people do not accidentally consent to sharing data without being aware of it.
“The right to be forgotten”
Another big change with the regulations is the “right to be forgotten”. Essentially, this means that a client could request that you remove any data that you hold on them. A client can also ask for their data to be frozen if it is not correct, and have any inaccuracies corrected before it is processed.
Taking it with you
A client can ask for a copy of any data that you hold on them. For example, if you wanted to switch insurers, you could ask your current provider for your information to help process an application with another provider.
There are some concerns that if a company uses a third party to handle data, this could result in complications if a lot of customers ask for copies of their data. Therefore, any agreement a small business has with such a third party may need to set out how they store information and who processes it.
One massive thing to consider is how you report any breaches of data security: in theory a breach should be reported within 48 hours of it occurring. Aside from complying with the regulations, this is also something that businesses should do in order to show they are committed to keeping information secure.
But what about Brexit?
Some people may think that, because the UK voted to leave the EU, this regulation doesn’t apply. This is not the case: even after Britain leaves the EU there will still be a two-year transitional period, and even afterwards it is still likely that UK law will reflect this regulation.
There is also the fact that if you do break the rules you could be fined up to 4% of your earnings. Therefore, it is worth checking that you have the right protections in place and that your business is GDPR ready.
If you are not sure about this, or would like more information on what GDPR means for your business, contact Digi Toolbox today and we will be happy to talk it over with you in more detail.