General Data Protection Regulation
Does it affect my business?
In short – yes.
If you have any information on anyone other than yourself, whether it’s an email address, a telephone number or a business card, and that person lives in the UK (or the EU), then the GDPR affects you. That means any personal data on customers, clients, potential leads or even employees.
See what we mean? Basically all businesses need to pay attention.
Companies not compliant with the GDPR on May the 25th could be subject to fines if the ICO investigates their compliance.
Obviously the bigger you are, and the more data you manage, the more complex the process gets. A sole trader with a handful of clients to manage and an employee should find the process much simpler than a company that runs an ecommerce store with a supply chain, for example.
But regardless of what you do, the basics of what you will need to have are similar. They cover things like policies on how you obtain and handle data, how long you keep it for and ensuring you have the correct permission to have it in the first place. You’ll need training for all staff who have access to data and you’ll need contracts between people who decide what happens with that data (for example the business owner) and people who have access to that data (that’ll be, for example, your web developer).
I’m just going to carry on as I am thank you very much…
We really don’t recommend burying your head in the sand. Part of the GDPR means that everyone involved in handling your data has accountability.
Under the new laws, if your website handles data, your web developer will be held accountable for how you handle data. That means that a reputable or sensible web developer will not be able to work with you unless you have the proper processes, privacy statements (to be called Fair Processing Notices) and client developer agreements in place.
OK – so my developer can sort that out (if they want to keep my business).
Unfortunately not. Believe us – we would if we could; we stand to lose clients who don’t sort their own policies out. GDPR affects you as an individual, each individual in your business, and how your business operates as a whole. You as a business will have liability for each of your employees. In short, if your employee loses someone’s data, and that is not dealt with properly, you could be held responsible.
The GDPR laws are, quite simply, attempting to ensure that everyone at every stage knows how to keep data safe, and that they know what to do if data is lost.
So what do I do now?
The Information Commissioner’s Office (ICO) website has loads of great resources.
There’s a good starter page here.
There’s also a dedicated line for small businesses and charities which you can find here.
There are plenty of other sources of support out there.
Don’t be scared!
It’s our genuine belief that this isn’t a way to screw over businesses genuinely trying to do good work. The upshot of the GDPR should be that all of our information is more secure, and that everyone is much clearer on the importance of looking after personal data.
So unless you are someone who is deliberately setting out to abuse the use of personal data, then you’re already on the right track reading this. But don’t ignore it. Get the process started now and you should be able to get it resolved in plenty of time.
There are lots of courses being held across the UK to get you started on GDPR. Here are some that are happening locally:
We need to talk about GDPR – Cultivator and Coodes Solicitors
GDPR – What’s all the fuss about? – Natwest & Sapphire Consulting Group
Being GDPR Ready – Superfast Business Cornwall
GDPR training – NCI Technologies & Sapphire Consulting Group
The wonderful people at Sapphire Consulting are supporting us through our GDPR journey. Contact them here.
We’re also getting a technical review from Focus Technologies.
These people also provide support in getting you compliant.