[Updated November 2021] An issue that I (and most IT administrators) often hear from users…
Do you know what it is?
Do you know what you need to do?
Research by the Federation of Small Businesses (FSB) in March 2018 shows that the SME sector is less prepared than others for the changes required for the introduction of GDPR.
More than 50% of businesses have little or no understanding of the GDPR and 33% have not yet started their preparations.
Time is running out!
GDPR stands for General Data Protection Regulation, a European privacy law approved by the European Commission on the 27th April 2016; it will become enforceable on the 25th May 2018. It will also be embodied in UK law, where GDPR replaces the Data Protection Act 1998.
The GDPR will affect all organizations established in the EU, and all organizations involved in processing personal data of EU citizens. It will apply to any organization processing personal data of EU citizens regardless of where it is established, and regardless of where its processing activities take place. This means the GDPR could apply to any organization anywhere in the world.
Potential penalties for non-compliance are significant, with large fines for those in breach of the regulation. The Information Commissioner’s Office (ICO) is responsible for enforcement in the UK.
There is an abundance of information available from the ICO on the subject, but most of these documents are around 50 pages long, full of legalese, and take a long time to read through, understand and digest.
There is a lot that small businesses have to understand and do in order to comply with GDPR, so we have spent many hours ploughing through documentation and reports to extract the main points, so that we can help our clients and other small businesses gain a better understanding in simpler terms and start on the path to compliance.
You cannot ignore it; the important thing is to get started so that you can demonstrate that you are taking steps to comply.
Most businesses will have at least heard of GDPR, and some will be aware that one of its requirements is obtaining explicit consent to collect and use personal data. There are other requirements too: you must audit your systems to identify what personal data you hold, why you hold it, how long you keep it, and so on, and document all of this so that you have records to demonstrate compliance if required to prove it. This is a very simplistic summary. Changes will also be required to your website, privacy notices and policies, so there is a lot to do and it will take some time.
Almost all businesses will have different requirements. If you need assistance in getting started with your compliance for GDPR, get in touch with Steve at Scalar Enterprises for a chat so we can see how we can help.
Scalar Enterprises are not lawyers; the material we present on this subject resulted from our own research into GDPR. It may not be complete and in no way represents legal advice. It is intended to help you get started quickly on your way to meeting the requirements. You should seek formal legal advice to ensure your compliance with GDPR.