If you are a small business owner and you have not thought about GDPR (the General Data Protection Regulation) yet, now may be the time to start. GDPR comes into effect on 25 May 2018, and the UK Government has confirmed that whatever the outcome of Brexit, the UK will be subject to this regulation.
But what is it?
Don’t be surprised if you are left scratching your head at that; you are far from the only one. According to a survey by Dell, 97% of businesses don’t know what GDPR is.
GDPR applies to every organisation that processes (collects, stores, uses or sells) personal data about people in the EU, wherever the organisation itself is based. What this means for customers is that they get stronger protection, and more reassurance, over the security of their personal data. If your business offers goods or services to individuals in the EU, or monitors their behaviour, you will be subject to GDPR.
The business implications of GDPR
New staff may be required within your business. GDPR makes a data protection officer (DPO) mandatory for public authorities and for organisations whose core activities involve large-scale monitoring of individuals or large-scale processing of sensitive (special category) data; for everyone else who handles customer data it is still recommended. The DPO is responsible for overseeing the business’ GDPR compliance.
Penalties and fines will be implemented if your business does not comply.
The new penalties are much higher than those currently in place. Under the Data Protection Act 1998 the maximum fine for serious breaches is £500,000; under GDPR fines can reach €20 million or 4% of annual worldwide turnover, whichever is higher. For a small business that falls short of compliance come May, a fine on that scale carries the real threat of closure or insolvency.
Transparency in customer engagement will be very important. Gone are the days of exchanging business cards with a customer and then automatically adding them to your mailing list. Under GDPR, consent must be a clear, affirmative action from the customer, given for a stated purpose: silence, pre-ticked boxes and inactivity do not count, and a double opt-in (the customer confirms by replying to a verification email) is the safest way to evidence it. Furthermore, the business must be able to demonstrate that consent: keep an audit trail for any personal data you hold, with time stamps and a record of how the data was obtained and what the customer agreed to, and make it as easy to withdraw consent as it was to give it.
Avoiding small fines: has your business done this?
Hiring new staff will not be the only change required in order to ensure compliance. To avoid the heavy fines and loss of reputation as highlighted above, here are some helpful hints and tips.
DO control who can access what:
Every employee, and every employer, should be given access to the information they need to do their job and nothing more (the principle of least privilege). This means they should not be able to access the personal data of clients they do not need, regardless of whether they intend to. Implement this with role-based access controls and regular reviews of who holds which permissions, then make sure the person using an account really is its owner through multi-factor authentication, secure remote access and stronger password management.
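The two requirements above, an audit trail showing how each piece of personal data was obtained and access limited to what a role actually needs, fit together naturally in code. The following is an added illustration, not code from the original article or from any product it mentions: the role names, field names, and the two sample customers are assumptions made up for the example. Each role is given an explicit list of fields it may read (anything unlisted is denied), marketing use additionally requires an active recorded consent, and every read attempt, allowed or denied, is written to an audit log with a timestamp.

```python
"""Least-privilege access to customer records with a consent audit trail.

Added example, not part of the original article. Role names, field names
and the sample customers below are assumptions for illustration only.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, FrozenSet, List, Optional, Tuple

# Fields each role may read. A field not listed for a role is denied, so a
# new role starts with no access at all (least privilege).
ROLE_FIELDS: Dict[str, FrozenSet[str]] = {
    "support": frozenset({"name", "email"}),
    "marketing": frozenset({"email"}),
    "finance": frozenset({"name", "billing_address"}),
}

@dataclass
class Consent:
    purpose: str                       # what the customer agreed to
    source: str                        # how the consent was obtained
    given_at: datetime                 # time stamp of the affirmative action
    withdrawn_at: Optional[datetime] = None

    def active(self) -> bool:
        return self.withdrawn_at is None

@dataclass
class Customer:
    data: Dict[str, str]
    consents: List[Consent] = field(default_factory=list)

    def has_consent(self, purpose: str) -> bool:
        return any(c.purpose == purpose and c.active() for c in self.consents)

@dataclass(frozen=True)
class AuditEvent:
    at: datetime
    actor: str
    role: str
    customer_id: str
    fields: Tuple[str, ...]
    outcome: str                       # "allowed" or "denied: <reason>"

class CustomerStore:
    def __init__(self) -> None:
        self.customers: Dict[str, Customer] = {}
        self.audit: List[AuditEvent] = []

    def record_consent(self, cid: str, purpose: str, source: str,
                       when: Optional[datetime] = None) -> None:
        when = when or datetime.now(timezone.utc)
        self.customers[cid].consents.append(Consent(purpose, source, when))

    def withdraw_consent(self, cid: str, purpose: str,
                         when: Optional[datetime] = None) -> None:
        when = when or datetime.now(timezone.utc)
        for c in self.customers[cid].consents:
            if c.purpose == purpose and c.active():
                c.withdrawn_at = when

    def _log(self, actor: str, role: str, cid: str, fields: List[str], outcome: str) -> None:
        self.audit.append(AuditEvent(datetime.now(timezone.utc), actor, role,
                                     cid, tuple(fields), outcome))

    def read(self, actor: str, role: str, cid: str, fields: List[str]) -> Dict[str, str]:
        """Return only the requested fields, and only if the role may see all of them."""
        allowed = ROLE_FIELDS.get(role, frozenset())
        denied = sorted(f for f in fields if f not in allowed)
        if denied:
            self._log(actor, role, cid, fields, "denied: not permitted " + ",".join(denied))
            raise PermissionError(f"role {role} may not read {denied}")
        customer = self.customers[cid]
        # Marketing use additionally needs an active, recorded consent.
        if role == "marketing" and not customer.has_consent("marketing"):
            self._log(actor, role, cid, fields, "denied: no active marketing consent")
            raise PermissionError("no active marketing consent")
        self._log(actor, role, cid, fields, "allowed")
        return {f: customer.data[f] for f in fields}

    def marketing_addresses(self, actor: str) -> List[str]:
        """Mailing list built only from contacts with active consent; each lookup is logged."""
        out: List[str] = []
        for cid in sorted(self.customers):
            try:
                out.append(self.read(actor, "marketing", cid, ["email"])["email"])
            except PermissionError:
                pass
        return out

def build_sample_store() -> CustomerStore:
    """Constructed sample data for the example; these are not real customers."""
    s = CustomerStore()
    s.customers["c1"] = Customer({"name": "Alice Example", "email": "alice@example.com",
                                  "billing_address": "1 High Street"})
    s.customers["c2"] = Customer({"name": "Bob Example", "email": "bob@example.com",
                                  "billing_address": "2 Low Road"})
    # Alice ticked the newsletter box on the web form. Bob only handed over a
    # business card, which is not consent to be mailed, so nothing is recorded for him.
    s.record_consent("c1", "marketing", "website signup form, newsletter box ticked",
                     datetime(2018, 3, 1, 9, 30, tzinfo=timezone.utc))
    return s
```

With the sample data, `marketing_addresses` returns only Alice's address, and returns nothing once her consent is withdrawn; a marketing user asking for a billing address is refused before the record is even looked up. The audit log is what you would hand to the ICO to show who saw what, when, and on what basis.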
DON’T forget to step up firewall protection:
The aim here is to reduce your company’s risk of cyber-attack. Installing reputable anti-virus software and properly configured firewalls lowers the risk of data leaks. It is the business’ responsibility to look after the data it has obtained.
DO ensure the email system is secure:
Data breaches are not only the result of a deliberate, malicious cyber-attack; a single employee opening the wrong attachment is enough. According to a 2017 report, over two-thirds of malware infections began with an email attachment, costing organisations over $850,000 in 2017. Email security gateway software, together with better staff training on recognising phishing, reduces this risk and improves compliance.
DO seek out a third-party for assistance:
Even where a business appoints a data protection officer, it is highly recommended that it also seeks assistance from security firms or consultancies. Under GDPR a personal data breach that is likely to put individuals at risk must be reported to the supervisory authority (the ICO in the UK) within 72 hours of the business becoming aware of it, so an additional pair of eyes that can spot a breach quickly is essential.
DON’T think of GDPR as just a method to achieve compliance:
It is easy to forget that GDPR will help businesses, too. By educating your employees you enable them to adopt good security practice in their everyday work. Additionally, the tighter restrictions on the personal data your business can collect mean that the data you do collect should be of better quality and integrity.
Data is valuable currency nowadays.
By taking sufficient measures and using trusted security firms, you are protecting not only your customers but your business itself. It will help you build closer bonds with your customers and boost your reputation as a trusted organisation. The more valuable data becomes, the more valuable its security is.
The emphasis here is not only on installing every firewall you can find. An easy way of improving workplace practice is to give employees and employers the opportunity to attend cyber security workshops, like the ones offered regularly by ACS.
Registering for and attending these informative sessions will be more important than ever as the deadline looms. Make sure that you are not caught out when 25 May 2018 rolls around.