Are you ready for the new General Data Protection Regulations (GDPR)?
European data protection laws are changing, and the new rules come into force on May 25, 2018.
These new laws will affect all businesses in the UK and the current Data Protection Act (DPA) will be updated to reflect the GDPR obligations.
The GDPR is a framework with greater scope, much tougher punishments and judicial remedy for those who fail to comply with new rules around the storage and handling of personal data, be it in physical or electronic format.
Why are these new laws being introduced?
Since the DPA was introduced in 1998, technology and the internet have developed at such a rapid rate that these rules are now deemed to be ineffective.
Nowadays, the ease and sophistication of data collection means that thousands of SMEs not only collect personal details, but store, move and access them online.
Personal data is used in everything from sales to customer relationship management to marketing.
A recent report from the Federation of Small Businesses (FSB) claims that SMEs are now more likely to be targeted by cybercriminals than their large corporate counterparts, and that cybercriminals consider SMEs softer targets.
The GDPR is considered a necessity for the protection of data in a modern internet-based society.
What does GDPR mean for SMEs?
Businesses must keep a detailed record of how and when an individual gives consent to store and use their personal data. Consent means a positive agreement and cannot be inferred from a pre-ticked box.
Customers or individuals have the right to withdraw consent.
Details must be permanently erased.
This means businesses should review their existing data and delete any that they do not have a valid reason to hold.
The GDPR sets out the legal bases available for processing personal data, such as needing it to perform a business contract.
Businesses should review what data they hold, whether they have consent for it and whether they need to keep it.
Data should be kept secure and this will require a review of current practices to prevent data breaches.
Personal data is a key tool for SMEs looking to target and retain customers: GDPR means it must be handled with the utmost care.
You should start planning for the GDPR now and consider an information audit and, for many businesses, a change in culture.
In summary, you will be required to:
- Prepare and maintain documentation on your policy and for compliance with the GDPR.
- Appoint someone in your business to be the point of contact for data protection.
- Review existing procedures for weaknesses and areas to strengthen ahead of the new regulations.
- Ensure you have a legal basis to hold personal data and have a valid reason for holding it.
- Ensure you keep any data protected and secure.
- Have procedures for reporting data breaches.
- Keep your records up to date.
How can we help?
We can introduce you to an expert in this area who can perform an information audit and work with you towards GDPR compliance.
For further information contact us on 01244 343504 or email info@ellis-uk.com