Data security has been a massive deal lately, as there have been a lot of important security breaches at a lot of companies, affecting hundreds of thousands of people (the Equifax scandal is just one of these breaches impacting customers). In addition to that, a new Data Protection Act came into play in 2018, if you hadn't already noticed from the hundreds of emails you've received on the topic from virtually every website you've ever signed up to.
But what does data security involve when you're a business? How does the new Data Protection Act 2018 affect you, and what does it mean for small businesses? Let's have a chat about it.
What Is GDPR And The New Data Protection Act 2018?
In case you ignored all of those emails spamming your inbox, let's explain GDPR: it's an EU-wide law that has come into force as of 25 May, and it's essentially an upgrade of the 1995 Data Protection Directive. GDPR is meant to enforce and support individuals' rights to their own data and privacy, putting the power back into their hands, allowing them to control the use of their data by companies and forcing companies to comply with these requests.
What Does This Mean For Your Small Business?
As a small business owner, you are probably wondering if - and how - this affects you. While GDPR will affect each and every business dealing with clients and consumers, the ones that are hit the hardest and have to make the most changes are the companies processing massive amounts of consumer data, such as marketers, technology firms, and data brokers.
As for your responsibility as of now, if you are acquiring and using consumer data, you require informed and explicit consent from your customers. However, the process for access and deletion of data can require some tools that your business may not have and that may place a burden on you as an owner, not only as a legal responsibility, but as a financial one.
If you do not collect data (or much of it) in the first place, then it affects you less and you may not need to make massive changes or updates.
What Do You Need In Order To Secure Your Customers' Data?
Okay, let's say you're a business owner and you are ready and excited to work towards securing your customers' data - what do you actually need to make this an effective and safe process? Depending on how large your business is and how big the impact is on your daily processes, it may be worth hiring a compliance officer to take care of this side of the deal for you. GOV.uk explains all you need to know about GDPR and compliance and whether or not you can benefit from the expertise of a professional.
If you do operate with customer data, then it is your legal responsibility to make sure that the information is updated, accurate, and most importantly, secure. It is your obligation to let the consumer know who you are when collecting info, how their information is going to be used, if it's going to be shared and with whom, etc. You must inform them of their rights over their data, including: requesting that their data is not used for certain purposes, requesting the deletion of their data, checking that the information you retain is correct.
Your responsibility is to always respond to data protection requests where someone wants to know what information you hold about them, and to let the Information Commissioner’s Office (ICO) know how you are going to use the customer data.
What Happens In Cases Of Non-Compliance?
To give this new law actual power and enforceability, non-compliance comes with penalties and hefty fines: as much as £17.5 million or 4% of the company’s global turnover. GDPR EU has a page dedicated to fines and penalties if you wish to take a closer look and research further.
In conclusion, GDPR can only bring good things for everyone, as it promotes transparency and better control over our information. As a business, you may need to make some adjustments and pay closer attention to the way you use data and how you disclose it.