New rules and regulations governing data, and how you secure, use and access it, are coming into force. GDPR is something you need to comply with, whatever the size of your business or the industry you occupy.
What is GDPR?
The EU General Data Protection Regulation (GDPR) has been created to replace the Data Protection Act as we know it in the UK. Currently, every country has different rules regarding data protection. GDPR applies to all countries, meaning everyone is guided by the same set of rules and principles when it comes to gathering, using and keeping information safe.
Evolution, not Revolution
As the digital age has evolved, so too has the way companies gather information on their customers and users. But alongside these changes, threats have emerged and grown too.
Fairness, transparency, accuracy, security, minimisation and respecting the rights of individuals are key to GDPR – although many argue we should already be upholding these.
GDPR represents an evolution in the management of data and digitally held information, but this doesn’t mean there is room for complacency.
Will small businesses be affected by GDPR?
If your business deals with the personal data of customers, then yes, there are implications.
Personal data could be:
- Someone’s name
- Their photo
- Their email or postal address
- Their bank account details
- Medical information
- Or their personal computer’s IP address
GDPR applies if the data controller (the business or organisation that collects the data), the data processor (the business or organisation that processes the data on the controller’s behalf) or the data subject (the person to whom the data relates, such as your customer) is based in the EU.
Under GDPR, any business or organisation has a duty to ensure that personal data is processed lawfully and transparently, and for a specific purpose. When this specific purpose is no longer viable, the data must be deleted.
What changes will come with GDPR?
There is greater emphasis on accountability, and you must be able to demonstrate that you comply. Other changes include:
- Keeping detailed records of processing activities
- Demonstrating that appropriate technical and organisational measures are in place to ensure GDPR compliance
- It affects all businesses that deal with EU-based customers
- Penalties will apply to data controllers and/or processors if compliance is not demonstrated
- Consent to gather, use and store data from customers and others must be clear and easily accessible
- When people ask you to delete their data, you must do so
- There is greater emphasis on accountability and on demonstrating how you comply
What if a small business doesn’t comply with GDPR?
Being unable to show compliance, whether the failure was unintentional or not, can lead to a fine of up to 4% of a small business’s global income. For more serious data breaches, the fine levied could be up to €20 million.
In a nutshell, GDPR applies to any business, large or small, that deals with data of customers living or working in the EU. Check if you are compliant by contacting our team.
How can we help you?
If you need assistance with any aspect of ISO or GDPR compliance, here at Synergos we’d be delighted to help. Whether you have questions about the path to compliance or are looking for advice and support to maintain compliance, call 01484 817 444 or email firstname.lastname@example.org and we’ll be happy to talk it over with you.