The new European General Data Protection Regulation rules come into effect on 25th May 2018. Whether you are a multinational or a small business, you will be expected to adhere to this legislation. Fortunately, there are a few steps you can take in order to ensure that your business is compliant.
Talk to your customers
Part of the new rules involves clamping down on vague consent forms. The forms cannot be pre-ticked, and it must be made clear what people are signing up for and how their data will be used. A simple way of doing this is to get written confirmation from each customer, asking them about the data they currently share with your business and whether they are comfortable sharing it with you.
Customers can also request to see what data you hold on them, ask to have that data removed if necessary (the “right to be forgotten”), or amend and correct details they consider inaccurate.
Check it is secure
Another element of GDPR is ensuring that data is kept securely. You should be able to demonstrate that any information is properly secured, ideally by encrypting it. In the event of a breach, it should ideally be reported to the ICO within 24 hours, and definitely no later than 72 hours.
Aside from keeping within the rules, it is in your interest to report breaches quickly: if customers find out that a breach has been covered up, they can lose trust in your business. There have been a number of high-profile cases where large multinationals have failed to report breaches, and it has caused considerable damage to their reputations.
In many cases, it may be worthwhile to appoint someone as a Data Protection Officer (DPO) in order to give you the best possible chance of securing sensitive information.
What happens if I don’t do this?
If you are found to have breached GDPR rules, then you could potentially be fined four percent of turnover or up to 20 million euros. Some people have incorrectly stated that this will not affect businesses with fewer than 250 employees. This is not true: what matters is the information a company holds and how it is handled, not the size of the company involved.
Another point to remember is that you want to be able to demonstrate that you can be trusted with the information your customers give you; if you don’t adhere to these rules, it can damage both you and your business’ reputation.
We can help
If you are unsure whether or not your business is GDPR compliant, then you should discuss this with an expert. At Digi Toolbox, we can give you the tools you need to protect your customers’ data and to give them the peace of mind they deserve, as well as complying with the new legislation. For more information on how we can help, please contact us today.