WARWICKSHIRE MEANS BUSINESS

Is your business ready for the GDPR?

With just months to go before the introduction of the General Data Protection Regulation (GDPR), Linsey Luke, Midlands area development manager for the Federation of Small Businesses, explains how businesses need to ensure they are ready.

GDPR is a new data protection regulation that provides individuals with more control over their own personal data. This will change the way businesses must legally handle an individual’s personal data and will mean further responsibilities for businesses, which will have to meet the new regulations.

Research from the Federation of Small Businesses (FSB) shows that data protection is definitely on the minds of small business owners, with almost 60 per cent of members ranking data protection laws as a significant regulation they have to deal with. This statistic may paint the picture that smaller firms are also aware of, and are preparing for, the introduction of GDPR in May.

Unfortunately, this doesn’t appear to be the case, with many small businesses either unaware of the upcoming changes or having not started preparing for them yet. Earlier this year, YouGov surveyed British businesses about the upcoming data protection changes, specifically GDPR. The results were concerning, with just 29 per cent of UK businesses saying that they had started preparing for GDPR, while 38 per cent said they were unaware of the new rules.

One of the key issues for many smaller firms is that they do not understand the scope of the changes and what they will be required to do. Many people class GDPR as an IT issue, which mainly concerns computer systems and how businesses store personal data. This includes business processes such as how client files and passwords are stored. However, it could also affect other processes across a business, from project management to networking and from sales to customer service.

The main shift of GDPR is that the new law will give more rights to the individual and make companies that handle their data more accountable. This means that record-keeping becomes a lot more important, as businesses will need to be able to prove how they obtained this data, what permission they had to retain it, how they are using it and how they removed it if they have been asked to by an individual. It will also be a requirement to obtain, and keep a record of, an individual’s consent to hold the data in the first place.

As a result of the new rights of individuals, businesses may have to alter their current data handling procedures. For example, a good starting point is to look at exactly what personal data is currently being held, and what it is used for. Is the information that is being collected more information than is strictly necessary for the purposes of the meeting? GDPR cracks down on frivolous data collection, meaning that businesses should only collect and keep exactly what will be used.

There are a number of excellent resources available for smaller firms. FSB has a section of its website dedicated to providing GDPR tips, while the Information Commissioner’s Office (ICO) is also a great resource.
