What is GDPR and what it means for your business

General Data Protection Regulation

GDPR is a law that came into effect on May 25th, 2018. The General Data Protection Regulation gives people increased control over how organizations and businesses handle and use their data. The regulation was adopted by the member countries of the European Union. However, the law has far-reaching impacts on businesses or organizations outside of the European Union that handle data belonging to a European Union resident. Personal data comprises personal information such as location (IP address, hostnames, browser type), name, health data, online identifiers (gender, purchase history, product interest) and bank details, to name just some examples.

So, what does the implementation of GDPR mean for a small business, or a business of any size? Without a doubt, all businesses must comply with the regulation to avoid legal action. Think about the frivolous lawsuits of the past, which forced business owners to settle and to bring themselves into compliance or face heavy fines. The regulation requires business owners and key decision makers to take various actions to ensure that they comply.

GDPR has impacts on how a business engages with a customer

Let us talk about 4 things you can do as a small business to ensure your data protection regulation compliance.

  1. Update your business’s privacy policy on your website: The privacy policy of a business should be clear and understandable. The reasons for collecting and storing data should be crystal clear and readily available to your website visitors.
  2. Assess contractors’ and suppliers’ access to data and their compliance: Such an assessment will help determine whether the contractors and suppliers of a particular business have complied with GDPR. Non-compliant parties may negatively affect your business.
  3. Conduct an awareness campaign: Awareness campaigns will enlighten all employees in a business organization on their roles regarding the GDPR regulation. It also paves the way for managing the team that handles personal data, as well as for conducting training on how the data should be handled.
  4. Document everything related to data: Use a document management system such as SharePoint in Office 365. This will allow your software and your employees to document activities pertaining to personal data, ensuring that the business is aware of the data in its possession, the locations where the data is stored, the reasons for holding the data, and the personnel who have access to it. Document management systems also enable a business to determine whether any consent is needed while processing such data.

The data protection regulation has impacts on all businesses across the globe, too many to address in this single blog post. The regulation requires companies and businesses to appoint a data controller or a data protection officer who will ensure that the respective business is adhering to and complying with GDPR. Businesses that fail to comply are subject to a fine of the greater of 20 million Euros or 4% of the business’s annual revenue.

Since the regulation gives a customer more control over the usage of their personal data, they are empowered to withdraw, whenever they want, the consent that allows a business to use their data. GDPR also affects the manner in which businesses conduct their marketing activities. For example, businesses have been forced to review applications and business processes to ensure that they comply with best practices in email marketing. Businesses must further prove that customers gave their consent to receive marketing communications. As a result, a business must ensure that it can provide an audit trail of the data beginning from the time it was timestamped. Without a doubt, the implementation of GDPR has many impacts on a business.