GDPR marked a significant shift for businesses of all sizes, redefining the way that businesses should be handling and processing data. Affecting areas from security and data protection through to individuals’ rights to know what data companies store about them, it is thought that GDPR provides the strongest data protection rules in the world.
How prepared was your small business?
Despite a two-year transition period, a study conducted by the FSB in February 2018 found that two thirds of small businesses hadn’t started or were only in the early stages of preparing for GDPR compliance. Many believe this situation is still likely to be prevalent amongst SMEs despite GDPR coming into force on the 25th May. A key factor cited for this is the complexity and sheer number of new rules and regulations, many of which require interpretation rather than being cut and dried rules.
Whether your small business has its processes worked out or is one of those that is still getting its governance in place, it is important to remember that work doesn’t stop just because GDPR is now in force. Taking accountability for your actions when it comes to data handling privileges is key to GDPR, so your small business needs to be prepared to demonstrate ongoing compliance with the new rules.
Next steps to consider
Ensure your staff are aware of the regulations
Human error can often be a cause of a data breach. Update your training on data protection and the new and relevant rules from the GDPR. This will be key to minimising the risk of a data breach and ensuring accountability across your business. Some companies may look at hiring a dedicated Data Protection Officer (DPO), but this isn’t always possible for smaller businesses, so you could look to reshuffle the responsibilities of existing staff to cover any extra requests that arise from the new regulation.
Cover the basics
Make sure your staff adhere to a clear desk policy. Make sure your building has tight security procedures and that you provide lockable storage for your employees if they do need to keep paper copies of records. Ensure your IT and digital security policies are up to date as well, covering not only your data storage but also your policies on emails and attachments, and make sure that your staff maintain security levels when working from home or in public places.
Make sure you are prepared for data requests
Potentially as a reaction to individuals’ increased rights when it comes to the data that is held about them, many companies are seeing an increase in subject access requests (SARs). Do ensure that you have a process and procedures in place for responding to these requests; if you do not respond within one month, an official complaint can be raised.
Embed data compliance into your business
GDPR is here to stay. Many have referred to the complex nature of the new rules and regulations, so SMEs need to get their heads around these. You also need to be prepared to keep up to date with any changes that may come along. The ICO website is a good place to refer to for relevant news.
Not only that, but it is thought that data compliance could ultimately provide business advantage. Given the importance of GDPR, those who can demonstrate compliance may potentially be more likely to win and maintain contracts than those who can’t.
Now that the preparation period and deadline for GDPR coming into force have passed, SMEs and small businesses shouldn’t lose focus on ensuring compliance. It may also be a good time to review your small business insurance to make sure you have cover in place for all eventualities. At Anthony Jones, an invaluable part of our service is the support we can provide to our small business customers with risk management and insurance advice. Talk to us today if you have any questions about your business insurance needs.