If you are running a small business in London, you’ve probably realised that the data you hold on your network needs to be protected. In May this year, the new General Data Protection Regulation (GDPR) comes into effect, and failure to comply by that date could put your business at risk of fines and even prosecution.
We already have the Data Protection Act 1998 which businesses must comply with. The GDPR is essentially a bulking up of this legislation, putting greater emphasis on the rights of the individual and more responsibility on the data collectors. All this means your small business needs to handle its data responsibly in accordance with the new rules.
Here are two key points:
• If you are a controller or processor of data in any way, you will have to meet the GDPR standards.
• The size of your business doesn’t matter. If you handle any kind of data, however small, you need to prepare for the change and you need to do it now.
The GDPR actually came into effect last year but you have until 25th May 2018 to ensure that you comply with the rules. If you haven’t already done so, it’s probably time to contact your IT support partner to find out what you need to do and how they can help you.
How you handle personal data is going to be even more important with the new GDPR legislation. Data can mean anything from names, addresses and email contacts to bank details and medical information. The rules mean, for example, that you must ensure you only collect data that you require to fulfil your duties as a business. You need to have the appropriate security measures in place to ensure the safety of all data. You also need to provide people with the opportunity to remove or change the data you hold on them.
There is a complex array of requirements in the GDPR which your business may have to comply with. You will need to demonstrate that you have the right processes in place and have a system for reporting and managing data that potentially goes beyond what you have now.
Many small businesses still don’t fully realise what their obligations are under the new GDPR and may well fall foul of the rules if they don’t have the right processes in place. Even if you have what you consider robust data protection measures in place, you should work with your IT support partner to ensure that you are fully compliant.
• Having proper guidelines in place for handling and managing data.
• Looking at how you get consent for gathering data and what processes you have in place for allowing a person to withdraw their permission.
• How you manage requests to see what data you hold.
• What processes for data protection and backup you have in place.
• How you handle and notify the Information Commissioner if your systems have been breached.
At Ratcliff IT, we can work with you to make sure that your business is fully GDPR compliant. Contact us today on 0844 544 2921 to find out more.