We get it. Some individuals are labelling GDPR as the “grim reaper” for small businesses, using scaremongering tactics and inducing fear about the impending multi-million euro fines. We’ve spent the past few months with our ear to the ground, trying to figure out exactly what it is, whether we’re ready, and whether our clients are ready. We’ve read article after article, and blog post after blog post. We think we’re ready, and it turns out, it’s not that scary…
So what is GDPR?
GDPR stands for General Data Protection Regulation. Come the 25th of May 2018, GDPR will be the new standard in ensuring businesses are accountable for how they process the personal data of EU citizens. Getting yourself compliant initially may be a pain, but over time it will only add to the credibility of your business, increasing the confidence of future and existing customers.
When do I need to be ready?
Yesterday. GDPR comes into play on the 25th of May 2018, but regulators are already on the lookout for businesses that aren’t ready. We’re all guilty of putting things off to the last minute – thankfully most of what we put off doesn’t carry multi-million euro fines…
But don’t businesses already look after personal data? Why the changes?
Yes and no. You may have seen in the news that Uber and TalkTalk were hit with £400,000 fines for not looking after their customer data. GDPR is replacing the current regulation, which was written in 1995 – making the rules clearer and the consequences larger. According to the Information Commissioner’s Office, businesses already successfully abiding by the 1995 legislation will already be on their way to being compliant. Ultimately, GDPR is there to boost consumer confidence in the growing digital economy, so that consumers will trust you to handle their data the right way.
So what’s new?
GDPR will extend EU citizens’ rights to correct, restrict, and erase their own information at any time. It will be imperative for businesses to have tangible evidence of EU citizens’ consent to hold the data they have.
So how will it affect me?
As an EU citizen, GDPR heightens your control over your personal data. As a business, failing to follow protocol may mean regulators restrict your processing of personal data, or even issue penalties of €2 million or as much as 4% of your annual revenue. Remember, being compliant will mean that consumers and clients will trust your business more.
What about Brexit?
GDPR will come into force before the UK leaves the EU, so there will be no escaping it. Post-Brexit, the UK government is introducing a new Data Protection Bill which will mirror many of the EU regulations. GDPR has potential repercussions for any business that handles an EU citizen’s data, no matter where in the world they are.
So what do I need to do to be ready?
There are a few things that you can do to get yourself GDPR ready:
- Understand what personal data your business has. Audit it, collate it, whatever you can – just understand what it is, and where it is.
- Plan for how you will handle changes if someone wants their data deleted, modified or moved. Plan exactly how you measure consent, how you delete information on request, and what you will do in the event of a cyber-attack.
- If you’ve done all that, and it’s too much to handle, put someone in charge of your data. If your business is handling large amounts of data, you must assign a Data Protection Officer.
Check out our simple assessment to see if you’re ready.
The European Commission released this neat infographic that explains more about what GDPR is.
ICO article about the importance of a Data Protection Officer.
Speaking to other businesses, it’s clear that there is still concern about what the General Data Protection Regulation means for the future. Speak to us about your WordPress GDPR worries.