On the 25th May 2018, Data Protection is changing. It will become GDPR (or the General Data Protection Regulations to quote its full title). Although this may seem like a minefield for small businesses, or perhaps a distraction from the day job, if you hold and process personal information about your clients, employees or suppliers, you are legally obliged to protect that information.
Under the Data Protection Act, you must:
- only collect information that you need for a specific purpose;
- keep it secure;
- ensure it is relevant and up to date;
- only hold as much as you need, and only for as long as you need it; and
- allow the subject of the information to see it on request.
So what does that mean for small businesses? Here are our 10 steps to help you prepare for GDPR:
- Ensure any decision makers or key people in your business are aware as they’ll need to know the impact this will have.
- Audit what personal data you hold, and where. You’ll need to document where you got it from and whether you share it.
- Check through your privacy notices and consider if any changes need to be made.
- Check your procedures to ensure they cover the rights of the individuals. How would you delete personal data within your business?
- Review how you’d handle data requests for information within the timescale.
- Review how you obtain consent for any marketing lists you hold and whether you need to make any changes. Refresh existing consents if they don’t meet GDPR standards.
- Consider if you need to verify individuals’ ages. You’ll need to obtain parent or guardian consent if you hold any personal data for children.
- Make sure you have the right procedures in place to deal with any data breaches.
- Designate someone in your business to be a data protection officer.
If this still feels really confusing, why not let us help you?
We can offer your company a hassle-free audit, and can even provide support to implement any changes. It’s just another way our flexible approach can ensure small businesses keep compliant without having to take their eye off their business too much.
Get in touch – firstname.lastname@example.org