The General Data Protection Regulation (GDPR) – Are you Compliant?
European data protection laws are changing, and the new laws come into force on 25 May 2018. They will affect all businesses in the UK and replace the 1998 Data Protection Act (DPA). The GDPR is a framework with greater scope and much tougher punishments for those who fail to comply with new rules around the storage and handling of personal data.
Why are these new laws being introduced?
Technology and the internet have developed at such a rapid rate that the existing rules are now deemed to be ineffective. Nowadays, the ease and sophistication of data collection mean that thousands of SMEs not only collect personal details but store, move and access them online. Personal data is used in everything from sales to customer relationship management to marketing. Cybercriminals are now much more common. In 2016, companies in the UK lost more than £1 billion to cybercrime. Major data breaches have given criminals access to names, birthdates and addresses and even social security and pension information. Cybercriminals now consider SMEs soft targets!
The GDPR is considered a necessity for the protection of data in modern internet-based society and is a chance to take a fresh look at your data security, as data breaches may impact your business reputation.
What does the GDPR mean for SMEs?
Businesses must keep a detailed record of how and when an individual gives consent to store and use their personal data. Consent means a positive agreement and cannot be inferred from a pre-ticked box. Customers or individuals have the right to withdraw consent. Details must be permanently erased. This means businesses should review their existing data and delete any that they do not have a valid reason to hold. Data should be kept secure, and this will require a review of current practices to prevent data breaches.
Personal data is a key tool for SMEs looking to target and retain customers: GDPR means it must be handled with the utmost care.
You should start planning for the GDPR now and consider an information audit and, for many businesses, a change in culture.
How can we help?
If you would like assistance with GDPR, the best approach is probably to consider hiring an external consultant to advise the firm on getting up to date as quickly as possible. Contact us on 01295 477 2500; alternatively, you can email [email protected].