If you’re frowning, mouthing the letters GDPR and trying to figure out what they stand for, the answer is almost certainly no. And that’s a problem.
What Is GDPR?
GDPR stands for General Data Protection Regulation, and it will come into force in the UK on 25th May 2018.
This new regulation applies to any information about any individual based in or visiting the EU, regardless of where your company is located, and regardless of whether that information is held digitally or on paper. It concerns itself with the handling of two categories of information:
personal data: any information that relates to an identified person, or to a person who can be identified by reference to an identifier, e.g. names and locations
sensitive personal data: information on someone’s religious beliefs, political views, sexual orientation or health, including genetic and biometric data that is used to identify an individual
Rather worryingly, research by Close Brothers Asset Finance revealed that 31% of small businesses aren’t clear about what ‘personal data’ means. Are you clear about it?
Is Your Small Business Already GDPR Compliant?
Maybe you’re thinking you’re already careful about how you collect and store data. Surely your business is already GDPR compliant?
Probably not. According to research by Veritas, only 2% of organisations are fully GDPR compliant already – and 48% of organisations that claim they’re GDPR compliant admit they don’t have full visibility over data loss incidents.
A survey by legal firm Irwin Mitchell found that less than a third of companies have prepared for GDPR. Before you’re tempted to ignore it too, bear in mind that if your business breaks GDPR rules, you could be fined up to €20 million or 4% of your annual global turnover, whichever is higher; 18% of the respondents admitted that such a fine would put them out of business.
Prepare for GDPR NOW
Rianda Markram, Head of Content and Training at LHS, FSB’s Legal Services provider, has three tips for small businesses:
“Firstly, inform your staff of the existence of GDPR and that it’s likely to result in changes in how your organisation handles personal information. Regularly review and update your internal procedures for handling personal data, create a plan to deal with subject access requests and implement a process for breach notifications.
“Secondly, review your existing processes for collecting, storing, deleting and securing personal data to identify where you need to enhance your processes.
“Thirdly, consider data protection at the start of any new project, or where you are using new technologies, to determine the risks it may pose and how they can be mitigated.”