The General Data Protection Regulation (GDPR) will be a major update to international data protection.
Brought in to manage the data of EU residents, the GDPR will come into effect on Friday May 25. With the deadline fast approaching, organisations around the world should now be confident in their plans to be compliant by that date.
However, amid the scaremongering and current politics surrounding data protection, it is not always clear what is expected of small businesses when it comes to the GDPR. Here we’ll take a look at the latest conversation around the GDPR.
GDPR Compliance for Small Businesses – Mixed Messages
There have been some mixed messages from big companies concerning GDPR lately. This can make it difficult for small companies to know how seriously they need to take the legislation.
Although Facebook will comply with the legislation, Mark Zuckerberg said recently that the network has no plans to extend the strict rules of the GDPR to its users outside of the European Union.
Apple, who have been proactive about the GDPR, have hit out at Facebook. CEO Tim Cook accused the social media giant of “failing to regulate itself.”
In the UK, the NHS, the British Heart Foundation and other charities are also embracing the change.
Natalie Banner, Policy Advisor with science charity Wellcome, said that the legislation requires very high standards of consent, yet this has turned out to be a positive move.
“This would’ve made a lot of research incredibly difficult, because you can’t always anticipate at the time you seek consent quite how you might want to use the data to answer new research questions in future,” she said.
“There was a really great Europe-wide patient-led movement trying to make sure that research can be protected. The GDPR has ended up as a really good piece of legislation, and one that the research community supports, because it does a great job of enhancing people’s rights, but that’s well balanced with the right safeguards so that research can continue.”
It’s clear that becoming compliant with the GDPR is not only necessary, but can even be more beneficial to your business than it first appears.
GDPR Compliance for Small Businesses – Delaying the Inevitable
It appears that there are still a large number of companies that are not making the necessary preparations for the GDPR. For a recent article, Forbes asked 34 companies about their plans for the legislation.
Five companies said that the GDPR would not affect them, while just ten offered a response. Many of them outlined their plans, saying that they have a team working on GDPR compliance. Many of them also said that GDPR was an opportunity to improve engagement with customers.
By failing to prepare adequately, the remaining 19 companies may be leaving themselves exposed to penalties for non-compliance. These can include fines of up to €20m or 4% of annual global turnover, whichever is higher.
GDPR Compliance for Small Businesses – Steps to Take
Among the steps that companies should be taking for GDPR compliance is making an effort to improve transparency and accountability.
This involves explaining to data subjects how their data will be collected, processed and shared. Companies should also appoint a Data Protection Officer (DPO) who will be responsible for monitoring the company’s GDPR compliance.
Companies should also make themselves familiar with the new data rights that the GDPR will provide to data subjects. These include the right for individuals to access and correct their personal data, or request that data held be erased.
There should be discussions around how the company obtains consent from data subjects. Organisations may be required to demonstrate that consent has been sought for each and every data processing activity. Consent should also be as easy to withdraw as it was to provide in the first place.
GDPR Compliance for Small Businesses with Zymplify
Zymplify is already helping companies become GDPR compliant. This involves appointing a Data Protection Officer and adopting an opt-in system for marketing consent.
To find out more about the steps your small business needs to take before the GDPR deadline, sign up for a demo.