Small Businesses – Understanding General Data Protection Regulations (GDPR)
As a business owner, you should understand your responsibilities under the new GDPR regulations, which come into force from May 2018:
- Most importantly, businesses will be responsible for proving they have “consent” to handle their clients’ data
- Contacting children under 16 – you will need parental consent
- Your business will need to appoint a Data Protection Officer if it is a public body or if the core activities of the controller or the processor involve regular monitoring of data on a large scale or where the business conducts large-scale processing of special categories of personal data.
- GDPR applies to personal data – this is to reflect changes in technology
- You need to show how the business has integrated data protection into your processing
- Privacy needs to be considered from the launch of any new product or service
- Businesses will need to ensure clients have the option/right to have their data erased
- Fines for major breaches of the GDPR could be up to 4% of annual turnover
Some steps to take now to prepare for the GDPR:
- Information you hold – document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.
- Review your privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
- Individuals’ Rights – Check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically.
- Subject Access Requests – Update your systems and plan how you will handle requests within the new timescales and provide any additional information.
- Data Breaches – You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
- Consent – Review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standards.
- Familiarise yourself now with the ICO’s code of practice on Privacy Impact Assessments.
Don’t delay, make sure you are ready for May 2018!
Have a great day!
Build a UK Business