GDPR – How Will it Impact Your Business?
GDPR has been a key talking point for well over a year now, as businesses are wising up to the importance of protecting customer data. Many business owners have already taken the time to shore up their company in order to meet the stringent demands of the regulation. However, some businesses aren’t quite so ready. Well, with less than one month to go before the deadline kicks in, here’s what you need to know.
What is GDPR?
GDPR stands for General Data Protection Regulation. It is a new set of legislation that will filter through to the UK via EU law. It replaces all existing data protection regulation and is expected to remain in place even after Brexit occurs.
What changes will it bring?
The effects of GDPR will be wide-ranging and can affect each business differently. However, to cut through the jargon and help you understand what it means, here are the biggest points to be aware of:
• Customers must have complete access to their data at all times and be able to delete it whenever they wish.
• Your customers must be able to take their data and move it to a different business quickly and easily if wanted.
• You, as a business, must make it clear whenever you are taking and storing customer data, and then explain what you will be using it for.
• All businesses must have sufficient safety measures in place to avoid sensitive data being hacked and stolen.
• Businesses must have steps in place to notify relevant customers and the authorities if a breach of data does occur.
How is your business at risk?
UK-based businesses have until May 25 to get their business ready for the change. By putting in place necessary steps now, your business will be fine. However, failure to do so could lead to severe penalties. Under the new law, the body responsible for enforcing the regulations, the Information Commissioner’s Office (ICO), is having its powers increased. They can carry out spot checks on businesses and enforce fines of up to 20 million Euros, or 4% of annual company turnover.
Getting your company ready for GDPR
Here is a simple five-step plan to get your company ready for GDPR:
1. Map out exactly what sort of client data you take and how you handle it.
2. Ask yourself what data you need to keep and start getting rid of any unnecessary information.
3. Implement sufficient safety protocols to protect customer data against attacks.
4. Ensure you seek proper permission for accessing any future customer data (e.g. no automatic opt-in marketing forms).
5. Put in place clear procedures for handling customer data and letting individuals access and delete their information whenever they wish.