Understanding GDPR Compliance
Unless you’re as much of a tech geek as us here at Really Simple Systems you’d normally be forgiven for not keeping up with the latest updates on data security regulations. However, with the European Union’s (EU) new General Data Protection Regulation (GDPR) deadline fast approaching you no longer have any excuse, especially if you are a business owner. GDPR compliance, which comes into effect on the 25th May 2018, will be mandatory for all businesses keeping data on EU nationals, no matter the size of your business or where you are based.
What’s good about GDPR?
There has been a lot of negativity surrounding GDPR, with talk about the difficulties businesses will face in implementing and complying with it. There have also been numerous articles discussing the new fines to be issued if companies break GDPR. For many small businesses, figures like 4% of global turnover or 20 million euros in fines are sheer fantasy numbers, and enough to make business owners panic about the impending doom that GDPR supposedly is.
The EU wants to take a much stronger stance on data protection and on preventing breaches of personal data about its citizens. The EU is also proposing a “right to be forgotten” clause, which means that EU citizens would be able to request that search sites stop listing links to sites or images that might be embarrassing or damaging to their reputation; a clause that any of us who have had a bit too much tequila in the past can probably stand behind!
Why is GDPR Important?
Like it or not, we live in a digital era and most of our daily activities have moved from the ‘real world’ to being online. I order my groceries online, I book my holidays online, I pay bills online, I even interact with my friends online. Being able to do all these things from the comfort of my own sofa might be very convenient but it’s not without its risk.
Cybercrime is on the rise and hackers are constantly looking to get a hold of our private data. I think we all remember the ransomware attack a few months back affecting the NHS. As internet consumers, we all need to be clued up on the risk of giving out personal data online and GDPR compliance gives us the power to dictate what data we are allowing to be shared.
It will no longer be in the hands of the international corporations as to what happens to our personal information. Companies will have to ensure they have explicit consent on the data they are storing about customers, and they will need to make customers aware of any contact data that’s been leaked.
However, there is a general lack of knowledge in the public domain on how data security works or even why it’s important to keep up with those computer updates. As a people, we need to become more informed about data security and what happens with the information we share online.
Is GDPR Bad for Small Business?
We might all be able to agree on the benefits of GDPR for individuals. But for most small business owners GDPR compliance seems to come only with a lot of extra work, confusion and the risk of going bankrupt if something goes wrong.
Small businesses are considered more vulnerable targets when it comes to cyber-attacks. In many instances, small business owners don’t even realise what data they are holding on their customers, and they might not discover that there has been a breach of customer data until a later date. Under GDPR, companies are obliged to report a breach to the regulatory body within 72 hours unless exceptional circumstances apply.
This is a very short time limit, and for many small business owners the only way to comply, should a data breach occur, will be to start preparing for it in advance. Identify what data you hold and how it’s being stored. Practising for a possible data breach is another way to make sure you are identifying the weak spots in your organisational structure, and it allows you to prepare for the worst.
Making sure that you are keeping your customers’ data safe is good business practice in terms of customer retention, as more and more consumers become aware of just how important data protection is.
Additionally, many large organisations might start considering small businesses a weak link in their distribution channels unless those businesses can prove that they are able to keep up and comply fully with GDPR. If not, you might find the larger organisation will no longer look to retain smaller businesses as partners but will bring those capabilities in-house instead.
How to Become GDPR Compliant
As the GDPR deadline comes closer there has been a bit of an explosion of ‘IT experts’ turning GDPR into big bucks by offering help on how to become compliant. I can’t even remember the last time I opened my email inbox and there wasn’t an email from a consultant promising to make my business GDPR compliant in a few days for an undisclosed sum of money. There has also been a whole host of new software come on the market.
For a small business, it can be hard to know where to start, and while it can be useful to get a third-party consultant in, it’s important to make sure they are qualified for the job. But one of the main things that might get overlooked when considering GDPR compliance is ensuring that everyone within your business is aware of what it is and has a basic understanding of how it works.
A challenge for many businesses will be to identify all the areas where customer data is being held. Making sure your team is aware of data protection laws will help them identify situations where they might be handling customer data and will make sure it’s handled correctly.
What’s Brexit Got To Do With It?
As in life, nothing about the current Brexit negotiations seems straightforward. However, we can be certain that the UK will not have left the EU by the time the GDPR comes into effect, which means all UK businesses will be required by law to comply. Don’t think that you will be able to get away with not following GDPR laws just because of Brexit, as that might prove to be an expensive lesson.
It’s also important to remember that GDPR applies to everyone that holds the data of EU citizens. So, even once the UK has left the EU, if you are holding data on and doing business with other EU members you will need to be GDPR compliant. It’s also worth remembering that GDPR aims to “catch up” with current technology to protect citizens from having their data leaked or misused. It’s likely the UK would adopt similar rules to GDPR, even post-Brexit.
Having seen the new proposal from the Digital Minister, Matt Hancock, this seems a likely scenario. As the world becomes increasingly digital it makes sense for governments to start imposing stricter rules with the aim of keeping their citizens safe from cybercrime and data leaks.
Really Simple Systems and GDPR
As a cloud CRM vendor, Really Simple Systems understands the importance of keeping customer data safe. We are fully committed to being GDPR compliant by the time the new regulations are implemented on the 25th May 2018. You will find a section on our data protection policy here.
Read More About GDPR
We have written a series of blogs to help you understand GDPR and what you need to do to be compliant:
GDPR Compliance for Really Simple Systems explains our CRM compliance
GDPR – Preparing for Change summarises the regulation and what you need to do to be compliant
GDPR Marketing Compliance Launch unveils the first phase of our GDPR compliance features