Looming GDPR for SMEs: Are you prepared?
The European Union (EU) has established a set of rules for Small and Medium Enterprise owners to follow. Collectively, the rules are termed the ‘General Data Protection Regulation’ (GDPR), and the deadline set for business compliance is the 25th of May. So far, statistics show that only one out of every ten businesses is good to go.
What is the buzz about?
From data collection to data processing and storage, GDPR is a set of rules that governs businesses involved in the privacy of data. This scheme is meant to offer customer support and protection. All British businesses are meant to participate in the scheme. This is because the United Kingdom will supposedly still be a part of the European Union when the scheme kicks off in May.
Go hard or go home
For businesses that fail to comply, a penalty of 4% of annual global turnover or €20M could apply. In addition, defaulters tend to suffer reputational damage or PR fallout.
Although many businesses are busy preparing for the scheme, a good number of them do not know what it takes to achieve compliance. Here is a simple tour to save your business.
The size of your business does not matter – you have to be ready.
Some micro-businesses think they are limited by size. You should know that GDPR compliance has nothing to do with your staff strength. Nevertheless, you need to be aware of the limited exceptions attached. If your company has fewer than 250 staff, not every data processing process has to be mapped. But all processing activities involving clients' sensitive personal data must be documented so that the rights of those clients are not compromised.
Make sure their data is up to date.
Review the data you currently hold on individuals, ensure you have received consent to use it, and check that it is accurate and up to date.
Make sure they are happy to hear from you.
Everything in business is as dynamic as it is intricate. Before you can handle data, you will have to seek the consent of some clients. After all, many people have different definitions of ‘sensitive personal’ data. Thus, the new regulation may offer related information as it applies to your micro-business.
Understand their rights.
There are eight rights an individual has if you store their personal information, including the right to see their data, the right to move their data, the right to be forgotten (removed from your system) and the right to be informed of a system breach (if their data has potentially been compromised). A full list can be found by clicking here. As a business, you are required to implement and document these eight rights.
Ensure their data remains safe.
This can be achieved by reviewing your:
- Boundary Firewalls and Internet Gateways
- Secure Configuration
- Access Control
- Malware Protection
- Patch Management
- Disaster Recovery Solution
Remember, we are here to help. Why not take advantage of our free “lunch and learn” session, which is focused on GDPR? Click here to register or call us on 0800 082 2420.