The deadline for compliance with the new GDPR rules is fast approaching – you have until 25 May 2018 to comply.
What is GDPR, though? Who does GDPR apply to? What do you need to do to comply?
This post looks at these questions in more detail.
What is GDPR?
GDPR stands for General Data Protection Regulation. It is the new EU regulation governing the collection, storage, and use of personal information.
The regulation has two main aims:
- Give people control over their data and how it is used
- Harmonise data protection rules across the EU
There are substantial fines for non-compliance.
Who Do the New Regulations Apply To?
All businesses must comply with the regulation, with very few exceptions, but what you need to do to comply varies depending on the size of your business and how you use data.
For example, a social media platform must do a lot more to ensure GDPR compliance than a small business that keeps an email subscriber list to stay in touch with customers through email marketing.
Are Small Businesses Exempt from GDPR?
The GDPR generally applies if you store, process or otherwise use personal data, regardless of how many employees your business has.
For example, GDPR covers the data you hold on your employees, which can include private information that could put the rights and freedoms of those individuals at risk if it fell into the wrong hands.
Remember as well that the vote to leave the EU is unlikely to change how GDPR affects you. It still applies to data you hold on EU citizens, and the UK government has already indicated that it plans to create legislation with very similar rules.
What Are the First Steps You Should Take?
The first step is to review how your business uses data. This includes data on your customers as well as data on suppliers, employees, and others.
The objective is to understand what data you hold, how and where it is held, what you do with it, who is responsible for its security and proper use, and what steps you have taken (and still need to take) to ensure it remains secure.
You will also need effective processes in place to handle requests from individuals asking for details of the data you currently hold on them. Individuals can also ask you to correct or delete their data.
In general, if you hold any kind of personal data on employees, customers or suppliers, it is advisable to follow the best practices set out in the regulation regardless of the size of your company.