Small Businesses – Understanding GDPR

Small Businesses – Understanding General Data Protection Regulations (GDPR)

As a Business Owner, you should understand your responsibilities under the new GDPR regulations, which come into force from May 2018.

  • Most importantly, businesses will have responsibility to prove they have “consent” to handle their clients’ data
  • Contacting children under 16 – you will need parental consent
  • Your business will need to appoint a Data Protection Officer if it is a public body or if the core activities of the controller or the processor involve regular monitoring of data on a large scale or where the business conducts large-scale processing of special categories of personal data.
  • GDPR applies to personal data – this is to reflect changes in technology
  • You need to show how the business has integrated data protection into your processing
  • Privacy needs to be considered from the launch of any new product or service
  • Businesses will need to ensure clients have the option/right to have their data erased
  • Fines for major breaches of the GDPR could be up to 4% of annual turnover

    Some Steps to take now to prepare you for the GDPR:-

    • Information you hold – document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.
    • Review your privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.
    • Individuals’ Rights – Check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically.
    • Subject Access Requests – Update your systems and plan how you will handle requests within the new timescales and provide any additional information.
    • Data Breaches – You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
    • Consent – Review how to seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standards.
    • Familiarise yourself now with the ICO’s code of practice on Privacy Impact Assessments.

Don’t delay, make sure you are ready for May 2018!

Have a great day!

Matt

Build a UK Business
