Despite Brexit, the EU’s General Data Protection Regulation (GDPR) will be implemented from May 2018.
To avoid fines, SMEs must start preparing now. The regulation will change the way SMEs manage their customer and employee data, and it is set to affect everyone across the EU member states.
The UK’s stance on this has been uncertain and so companies have been keeping their eye on Brexit negotiations. However, while the UK voted to leave the EU, we are still legally a member until March 2019. So small businesses will still need to prepare.
Anyone who doesn’t comply will face fines of up to 4% of annual turnover or €20m, whichever is greater.
Joanne Smith, chief executive of consultancy TCC Group, said: “The main surprise to small business owners may be the vastly increased level of fines for noncompliance.
“GDPR delineates the roles and responsibilities of controllers and processors, with joint liability for data-protection breaches. Any small business that processes data for a client firm may have to demonstrate they have appropriate data-processing controls in place and they comply with the GDPR.”
The law will mean that consumers will have to consent to their data being used. They will be able to withdraw their consent or make a request to see who has their data. This will make companies think twice about handing over customer data to partners.
When to prepare
So far 29% of UK businesses have not started preparations for GDPR. While some may be hesitant to act now because the deadline is over a year away, others are simply uninformed about the changes. If you need any help or information, the Information Commissioner’s Office has released this guide.
How can you prepare?
You will need to demonstrate that you are complying by implementing appropriate measures including staff training, internal audits or reviews of HR policies. Some companies will find it necessary to appoint a data protection officer.
Don’t be one of the 29% who don’t know what GDPR is or how to deal with it once it comes into place. As with anything in the business world, the sooner you know, the better prepared you can be.
Working with an experienced company that can handle all your cyber affairs will help you better understand the new laws. Some firms will now be offering GDPR services and will take a look at your current system to see how well prepared you are.
You may need to tweak databases or do something more significant, so help with this will be important if you need it. It’s better to do this sooner rather than joining the rush to comply around the deadline, as advisors will become busier as time goes on.
Make sure everyone knows the score
You need to make sure that everyone at your company is aware of GDPR and any changes you will implement so that everyone’s on the same page.
Are you prepared for GDPR? Will you have to make big changes? Please let us know your thoughts.
About The Author
An experienced business and finance writer, sometimes moonlighting as a fiction writer and blogger.