On 25th May 2018, the General Data Protection Regulation will come into effect in Europe, including the UK. This new law aims to give us all more control over our data, including how and by whom it is used.
Why should I care about GDPR?
Whether your business sells products such as Avon, you run a dog-walking business, you are a tradesman or building contractor, or you run any other kind of business, and whether it is just you or 100,000 employees, you will need to know about GDPR and which rules to follow. GDPR will affect any business holding personal data on customers, prospects or employees based in the UK or EU.
Why should I prepare for GDPR?
If businesses ignore this new law, they could be fined up to 20 million euros or 4% of their annual turnover.
Fines aside, the main point of this new law is more than just compliance. Customers care about their privacy and expect businesses holding their information to respect this. It's good business sense to show your customers, prospects and employees that you ‘care’ about this issue.
What are the new rules? Tell me the basics!
I have been focusing on sole traders, the self-employed and smaller businesses, and these are the guidelines I am following for my businesses.
1. Personal information is defined as name, address, phone number, bank/credit card details, email address and IP address.
2. How do you collect, store and record personal data, and how do you process that data?
3. Look at how your data is stored at the moment. Is it in paper files, or on a computer or laptop? Is it backed up onto a memory stick, the cloud or a server? Is the way you store and access data compliant with GDPR (secure databases, CRMs, etc.)?
4. Are all your customers and prospects happy with the way you contact them, and do you have permission to pass their information to others, for any reason?
5. Is your data still relevant? If not, you must delete it. If an individual asks you to delete their information, this must be done.
6. Who has access to this data?
What has Virtual Tiger done for GDPR?
I have personally emailed all of my customers for permission regarding the way I store, use and process their data. I have written consent from them, which is securely stored in a secure database. I am the only person who can access this data and I am responsible for the data management. I use secure cloud storage that I access with passwords and 2-step security features. If I lost my phone or laptop, or my computer was stolen, I know who I should contact and how to take action to make sure that data is secured. For instance, my phone is password protected and, if lost, all data will be erased, passwords changed, etc.
(Please note, I do not have a qualification in data protection or GDPR. I have attended webinars and local seminars, researched and read through the ICO guide for my own companies before deciding to publish this information; it is a guide only.)
The ICO has published a 12-step guide, which gives businesses a range of things to prepare for before the law is enforced on 25th May; this includes advice on updating procedures and what to do in the event of a data breach.