GDPR is the new regulation that all business owners need to be aware of. So what exactly is GDPR, and how will it affect business owners, from small businesses to bigger organisations? This introductory article on GDPR will prepare you for the upcoming regulation.
GDPR is the European General Data Protection Regulation, which will be in effect from 25th May 2018. This new regulation has been put in place to encourage businesses all over Europe to think seriously about data and its protection. The idea behind the regulation, which covers the data of all EU citizens, is to give control back to the public. It will ensure that individuals are aware of what data they are giving and how it is shared.
Although there are certain rules and regulations already in place in the UK to protect data, none go as far as GDPR in pushing businesses to act. If you fail to comply with the rules and regulations of GDPR you will face serious consequences. Under the current UK data protection law, the ICO (Information Commissioner’s Office) can fine up to £500,000 for malpractice. Under the new GDPR law, however, the penalties are far steeper in comparison. Businesses that fail to comply can be fined €20 million or 4% of global turnover (whichever is higher). Therefore, businesses really need to take this new regulation seriously, otherwise the consequences can be detrimental to their business.
There are three main things that GDPR requires, and they are:
- Businesses with more than 250 employees have to hire a designated Data Protection Officer. This individual needs to have had extensive training and have a thorough understanding of GDPR.
- If there is a breach of data, whether it’s lost or stolen, then this needs to be reported to the official authorities. You should aim to do this within 24 hours, however you can take a maximum of 72 hours. If the breach is deemed to be sufficiently serious to warrant notification to the public, the organisation responsible must ensure they do this without delay.
- You will need to get the individual’s consent to use their data. The individual will now need to actively ‘opt in’, whereas previously ignoring the ‘opt out’ button automatically counted as agreeing. Additionally, data previously collected without this kind of consent cannot be used.
It is true to say that this regulation has the biggest effect on businesses with more than 250 employees; however, small businesses with under 250 employees are not exempt from the regulation. If your small business deals with any of the following data, then you must also abide by the rules of GDPR: health data, information on racial or ethnic origin, political affiliations, religious beliefs, sexual orientation, and genetic and biometric data.
You may be thinking, what about Brexit? Surely because we are leaving the EU, we don’t need to comply with EU rules and regulations? Fortunately or unfortunately, depending on your outlook, GDPR is coming and it looks like it is here to stay. Although the UK is leaving the EU, and the Brexit negotiations are still taking place, there is no indication that GDPR will no longer apply. Not to mention the fact that when the regulation actually comes into effect, the UK will still be part of the EU. Additionally, GDPR affects any company which has EU citizens as clients, so even when we are no longer part of the EU it could well still affect your business if you have international clients.
With under a year until GDPR comes into effect, businesses need to do all they can to prepare themselves. As a business owner, you must find out how it will affect your business specifically and what you can do to avoid the very harsh consequences.