Why Small Businesses Need to Prepare for GDPR
GDPR is coming – don’t get caught out.
The EU General Data Protection Regulation (GDPR) comes into force on 25 May. Despite Brexit, UK businesses will still need to comply.
In order to maintain business links with EU countries, the UK will need to create rules and regulations equivalent to the EU's. GDPR is an example of this, and businesses that want to trade with the EU must comply with it. The GDPR rules favour consumers over businesses. As personal information is shared more routinely and businesses hold ever larger volumes of customer data, there is a need for management and control over what businesses can do with that information.
GDPR gives regulators the ability to impose large fines for non-compliance: up to 20m Euro or 4% of global annual turnover, whichever is higher. Businesses therefore need to take these new regulations seriously and will need to change the way they operate, depending on the type of personal data they hold. This includes customer records, databases, CRM systems, etc.
In addition, firms will need to ensure that they have appropriate policies and procedures in place with regard to any personal data that they hold or process.
It’s also worth reviewing supplier contracts to ensure that these contracts are GDPR compliant. Finally, your recruitment and HR policies and procedures should be reviewed to ensure that personal data is managed in a way that is compliant with GDPR.
There isn’t a lot of time left before GDPR comes into force. The ICO has a useful “12 Steps to Take Now” PDF which can be downloaded here. There are also easily accessible webinars online that you can watch to get a quick understanding of what you need to do before the deadline. If you plan to hire an external consultant, make sure you have an outline of the services you expect to require, so that you don’t end up paying for additional, unnecessary services.