What is GDPR and how will it impact my small business?
If you are a small business owner who has not thought about GDPR (the General Data Protection Regulation) yet, now is the time to start. It applies from 25 May 2018, and the UK Government has confirmed that, whatever the outcome of Brexit, UK businesses will be subject to this regulation. Note that it is a regulation, not a directive: it applies directly, without waiting for national legislation.
But what is it?
Don’t be surprised if you are left scratching your head at that; you are not the only one. According to a Dell survey, 97% of businesses do not know what GDPR is.
GDPR applies to every organisation, whatever its size, that collects, stores or otherwise processes personal data about individuals in the EU, regardless of where the organisation itself is based. This means that customers gain greater protection over, and reassurance about, the security of their personal data. If your business offers goods or services to people in the EU, or monitors their behaviour, you will be subject to GDPR.
The business implications of GDPR
New roles may be required within your business. Organisations whose core activities involve large-scale processing of sensitive (special-category) data, or systematic monitoring of individuals, must appoint a data protection officer. For everyone else it is recommended that a named person is made responsible for the business’s GDPR compliance.
Penalties and fines will be imposed if your business does not comply.
The new penalties are much higher than those currently in place. Under the Data Protection Act 1998 the maximum fine for serious breaches is £500,000; under GDPR it rises to €20 million or 4% of annual worldwide turnover, whichever is higher. A small business that falls short of compliance come May therefore also faces the real risk of insolvency.
Transparency in customer engagement will be very important. Gone are the days of swapping business cards with customers and automatically adding them to your mailing list. Under GDPR, consent must be a clear, affirmative action (a pre-ticked box does not count), and the business must be able to demonstrate that consent was given. Double opt-in, where the customer confirms by clicking a link in an email after signing up, is the standard way to evidence this. Furthermore, the business must keep an audit trail for any data given, with good marketing practices in place: time stamps, how the data was obtained, what the customer was told, and when consent was withdrawn.
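The following is an added example of the double opt-in and audit trail described above. It is not code from the original article or from ACS; the class and field names, and the 48-hour link expiry, are assumptions chosen for illustration. Consent only exists once the confirmation link is clicked, every event is time-stamped together with where the data came from and the exact wording the person saw, and withdrawal is recorded as a new event rather than a deletion so the history remains reproducible.

```python
import secrets
from datetime import datetime, timezone, timedelta

# Constructed example of a double opt-in consent ledger. The names, the
# field layout and the 48-hour link expiry are assumptions, not GDPR text.
CONFIRM_LINK_TTL = timedelta(hours=48)


class FakeClock:
    """Injectable clock so the link-expiry path can be exercised deterministically."""

    def __init__(self, start=None):
        self.now = start or datetime(2018, 5, 25, tzinfo=timezone.utc)

    def __call__(self):
        return self.now

    def advance(self, **kwargs):
        self.now += timedelta(**kwargs)


class ConsentLedger:
    """Records who consented to what, when, how, and what they were shown.

    `records` is append-only: withdrawals are new events, never deletions,
    so the full history can be produced if a regulator or customer asks.
    """

    def __init__(self, now=None):
        self._now = now or (lambda: datetime.now(timezone.utc))
        self._pending = {}   # confirmation token -> unconfirmed request
        self.records = []    # the audit trail

    def _log(self, event, **fields):
        fields.update(event=event, at=self._now().isoformat())
        self.records.append(fields)

    def request(self, email, purpose, source, wording_shown):
        """Step 1: the person ticks a box that was not pre-ticked.

        Nothing is marketed to them yet; only the confirmation link is sent.
        The token is unguessable and single use.
        """
        token = secrets.token_urlsafe(32)
        self._pending[token] = {
            "email": email, "purpose": purpose, "source": source,
            "wording_shown": wording_shown, "requested_at": self._now(),
        }
        self._log("consent_requested", email=email, purpose=purpose,
                  source=source, wording_shown=wording_shown)
        return token

    def confirm(self, token, from_ip=None):
        """Step 2: the person clicks the link. Only now does consent exist."""
        req = self._pending.pop(token, None)
        if req is None:
            return False                      # unknown, forged or already used
        if self._now() - req["requested_at"] > CONFIRM_LINK_TTL:
            self._log("consent_link_expired", email=req["email"], purpose=req["purpose"])
            return False
        self._log("consent_confirmed", email=req["email"], purpose=req["purpose"],
                  source=req["source"], wording_shown=req["wording_shown"],
                  requested_at=req["requested_at"].isoformat(), from_ip=from_ip)
        return True

    def withdraw(self, email, purpose):
        """Withdrawing must be as easy as consenting (GDPR Art. 7(3))."""
        self._log("consent_withdrawn", email=email, purpose=purpose)

    def has_consent(self, email, purpose):
        """Replay the trail: consent holds only if confirmed and not withdrawn since."""
        state = False
        for r in self.records:
            if r.get("email") != email or r.get("purpose") != purpose:
                continue
            if r["event"] == "consent_confirmed":
                state = True
            elif r["event"] == "consent_withdrawn":
                state = False
        return state


if __name__ == "__main__":
    clock = FakeClock()
    ledger = ConsentLedger(now=clock)
    tok = ledger.request("ann@example.com", "newsletter", "web form /signup",
                         "Tick to receive our monthly newsletter by email")
    print("before click:", ledger.has_consent("ann@example.com", "newsletter"))
    print("confirm:", ledger.confirm(tok, from_ip="203.0.113.7"))
    print("after click:", ledger.has_consent("ann@example.com", "newsletter"))
    for r in ledger.records:
        print(r)
```

The sample addresses and the "business card" source in the demonstration are constructed. In a real deployment the ledger would live in a database with the same append-only discipline, and the mailing system would call `has_consent` before every send rather than trusting a list exported once.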
Avoiding fines: has your business done this?
First of all, hiring new staff will not be the only change required to ensure compliance. To avoid the heavy fines and loss of reputation highlighted above, here are some helpful hints and tips.
DO control who can access what:
All staff should have access to the information they need to do their job and nothing more. This means they should not be able to reach customers’ personal data unnecessarily, regardless of whether they intend to. Implement this with role-based access controls that grant each role the minimum it needs, and back those controls with multi-factor authentication, secure remote access and stronger password management, so that a stolen password alone does not open the door to customer records.
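As an added example of the least-privilege rule above (not code from the original article or from ACS), the following shows field-level access to a customer record: each role is permitted only the fields it needs, an unknown role gets nothing, and the most sensitive fields additionally require a session that has completed multi-factor authentication. The roles, field names, sample record and MFA rule are all assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed example: least privilege at field level for customer records.
# Roles, field names and the MFA step-up rule are assumptions, not GDPR text.
ROLE_FIELDS = {
    "support":   {"customer_id", "name", "email", "open_tickets"},
    "finance":   {"customer_id", "name", "invoice_total", "card_last4"},
    "marketing": {"customer_id", "marketing_consent"},
    "admin":     {"*"},                       # wildcard: every field
}
# Fields that may only be shown to a session that has completed MFA.
SENSITIVE_FIELDS = {"card_last4", "date_of_birth", "home_address"}

ACCESS_LOG = []   # every decision, allowed or denied, for the audit trail


@dataclass
class Session:
    user: str
    role: str
    mfa_verified: bool = False


class AccessDenied(Exception):
    pass


def check_access(session, record, requested=None):
    """Decide whether `session` may see the `requested` fields of `record`.

    Returns "allowed" or a "denied: ..." reason string; never raises.
    An unknown role maps to an empty set, so the default is to fail closed.
    """
    allowed = ROLE_FIELDS.get(session.role, set())
    if "*" in allowed:
        allowed = set(record)
    wanted = set(record) if requested is None else set(requested)
    not_permitted = sorted(wanted - allowed)
    if not_permitted:
        return f"denied: fields not permitted for role {session.role!r}: {not_permitted}"
    if (wanted & SENSITIVE_FIELDS) and not session.mfa_verified:
        return "denied: mfa required for sensitive fields"
    return "allowed"


def view_customer(session, record, requested=None):
    """Return only the permitted fields, logging the decision either way."""
    decision = check_access(session, record, requested)
    wanted = list(record) if requested is None else list(requested)
    ACCESS_LOG.append({
        "at": datetime.now(timezone.utc).isoformat(),
        "user": session.user, "role": session.role,
        "customer_id": record.get("customer_id"),
        "fields": sorted(wanted), "decision": decision,
    })
    if decision != "allowed":
        raise AccessDenied(decision)
    return {k: record[k] for k in wanted}


# Constructed sample record; no real person is described.
SAMPLE_RECORD = {
    "customer_id": 42, "name": "Ann Example", "email": "ann@example.com",
    "open_tickets": 1, "invoice_total": 120.0, "card_last4": "4242",
    "date_of_birth": "1980-01-01", "home_address": "1 High St",
    "marketing_consent": True,
}

if __name__ == "__main__":
    support = Session(user="sam", role="support")
    print(view_customer(support, SAMPLE_RECORD, ["name", "email"]))
    try:
        view_customer(support, SAMPLE_RECORD)          # asks for everything
    except AccessDenied as e:
        print("support denied:", e)
    finance = Session(user="fay", role="finance")
    try:
        view_customer(finance, SAMPLE_RECORD, ["card_last4"])
    except AccessDenied as e:
        print("finance without MFA denied:", e)
    finance.mfa_verified = True
    print(view_customer(finance, SAMPLE_RECORD, ["card_last4"]))
    for entry in ACCESS_LOG:
        print(entry)
```

The point of logging denied attempts as well as successful ones is that a pattern of "asked for everything, got refused" is exactly the signal an internal misuse investigation needs, and the log itself is part of the audit trail GDPR expects you to be able to produce.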
DON’T forget to step up firewall protection:
The aim here is to reduce your company’s exposure to cyber-attack. Installing reputable anti-virus software and properly configured firewalls lowers the risk of data leaks, although it does not remove it. It is the business’s responsibility to look after the data it has obtained.
DO ensure the email system is secure:
Data breaches are not only the result of a deliberate cyber-attack. According to a 2017 report, over two-thirds of malware was installed via email attachments, costing organisations over $850,000 in 2017. An email security gateway, combined with training staff to recognise suspicious attachments and links, improves compliance.
DO seek out a third-party for assistance:
Appointing a data protection officer, or someone to fill that role, is a significant step for a small business. For that reason, it is also highly recommended that businesses seek assistance from security firms or consultancies. A personal data breach must be reported to the ICO within 72 hours of the business becoming aware of it (unless it is unlikely to result in a risk to individuals), so an additional pair of eyes for spotting a breach quickly is necessary.
DON’T think of GDPR as just a method to achieve compliance:
It is easy to forget that GDPR also helps businesses. By educating your employees, they will adopt best practices in their everyday work. Additionally, the tighter restrictions on the personal data your business can collect mean that the data you do collect should be of better quality and integrity.
Data is valuable currency nowadays.
By taking adequate measures and using trusted security firms, you protect not only your customers but your business itself. It also helps your business build closer bonds with its customers, which in turn boosts your reputation as a trusted organisation. The more valuable data becomes, the more valuable securing it is.
The emphasis here is not only on installing every firewall you can find. An easy way of improving workplace practice is to give employees and employers the opportunity to attend cyber security workshops, like the ones offered regularly by ACS.
Finally, registering for and attending these informative sessions will be more important than ever as the deadline looms. Make sure that you are not caught out when May 2018 rolls around.