This might be another yawn subject, but very much like our previous cybersecurity post, it really is essential that you guys are up to speed with the serious stuff too. GDPR is the General Data Protection Regulation set by the European Union. It comes into force in May 2018 and governs how organisations manage and use data. Whether you’re a sole trader or an SME, the new GDPR regulations will affect you, so let’s get started:
Whether or not we’re in or out, we’ll still be a Member State next May, ergo it still applies. We also don’t know what our trading relationship with Europe will be, and it is highly likely that data protection laws will still apply. Having a GDPR plan in place is still a great move; that way you are still conforming to best practice.
How do I know if it applies to me?
In short, the scope of the regulation is broad. The regulations themselves state that businesses with over 250 employees are bound by the new laws. HOWEVER, if you are any organisation that is collecting, storing or using data about customers and prospects (or personal data), take it as a given that it applies to you.
Okay, I’m a tiny business – what should I do?
Here are some top-level things we recommend that small businesses/sole traders can do now in preparation:
- Get a good idea of the data you have and where it sits.
- Ensure that the data is kept somewhere secure – maybe try a secure cloud-based CRM system.
- When asking for data on your online forms, ask for consent and request communication preferences.
- Only retain data for as long as you need it, then remove it. Only have relevant data in your possession.
We’re not the experts on this complex subject. The Information Commissioner’s Office (ICO) have plenty of resources and will advise you on what you need to do if you get a breach. Read more on their website: https://ico.org.uk/for-organisations/business/
We will be back with more on this subject later on this month.