
GDPR for Small Business Owners – How to Make Sure you’re Ready

Back in August last year, we brought you some information on the new data protection rules: the General Data Protection Regulation, or GDPR, will be introduced in May 2018. Once the new rules are in place, UK businesses could be fined up to €20 million or 4% of their global turnover for not complying with the legislation. A survey carried out at the time revealed that only 22% of small businesses were aware of the changes to come.

As of May 2018, the General Data Protection Regulation will replace the current Data Protection Act and this will have implications for your business and the information you hold on employees, clients and prospects.  Making sure your business is ready for GDPR should begin now, if you haven’t already made a start.  The new GDPR rules come into effect on 25th May, 2018 so making sure you have everything ready for the change is absolutely essential and there’s not a lot of time left to prepare. 

As we approach the deadline for the new rules, we’re going to bring you some of the information you’ll need to ensure that your business is compliant and not hit by a massive fine in the future.  This is an issue that will affect all businesses in every sector.  The European GDPR is designed to give citizens and residents more control over their personal data and how it is stored by businesses and to simplify the regulations for international businesses with one unifying regulation that stands across the European Union.  The UK government has already confirmed that Brexit will not affect the GDPR start date or its immediate management.  After Brexit, the UK’s own law (or a newly proposed data protection act) will directly mirror the GDPR, one issue which we can be sure of as Brexit approaches and we face the uncertainties that it brings.

First of all we’re going to provide you with a checklist of what you need to do to prepare for GDPR, making it easy to ensure that you have everything in place ready for May 2018.

  • Read up on GDPR to familiarise yourself with requirements and make sure you understand the subject properly.
  • Review and update all of your existing information on data protection policies.
  • Health-check all of your current business relationships.
  • Make amendments to any of your business documentation that refers to or mentions data processing.
  • Check that you have suitable systems in place to notify the regulator if a data breach should occur.
  • Make sure your IT systems are set up in a way that enables you to delete data in a comprehensive manner.
  • Take steps to ensure that your employees have consented to the use of their data.
  • Review all of your current privacy notices and update them in order to ensure that they comply with the new legislation.
  • Perform a full review on any arrangements you may have that involve personal data being held outside the UK.

As we cover this issue in more detail in the coming weeks, make sure not to miss out on any of the vital information that you need for your business – why not follow us on Facebook or Twitter so that you’re notified of the new articles as they’re published?