Well, if you are a SME owner, the answer is Yes.
GDPR stands for the somewhat boring title of General Data Protection Regulations, which is a piece of EU legislation which comes into force in May 2018. And before you ask – Brexit won’t affect it because the government has already committed to bringing it into UK law.
They have to do this to enable UK firms holding personal data to do business in Europe.
What about the existing Data Protection Act?
That was brought into law in 1998 and since then the digital scene has exploded, cyber security is now a major concern, and we hear regular stories of data breaches. So the law needed to catch up to protect individuals now that much more of their data is kept in digital form.
The changes are significant. An EU citizen (and in the future a UK citizen too) will have many more rights over how their data is obtained, held, used and processed. Which is great for you as an individual, but for your business you will need to take more care of the personal data you hold. It doesn’t matter where in the world the data is processed, GDPR will still apply.
What’s ‘personal data’
At its most basic level this means email and postal addresses, dates of birth etc. This extends to health and insurance records, financial data such as credit scores, all the way through to CCTV footage, fingerprint and other biometric data. In short, any data that pertains to an individual will fall under GDPR.
Why do I need to take notice of it?
The penalties for misuse of personal data, including accidental loss, will be much higher than under the Data Protection Act. Up to 4% of turnover will be the maximum fine.
What UK office will be responsible?
The existing ICO (Information Commissioner) will be conferred with new powers to ensure firms comply with the new legislation.
Will I need to change the way I do business?
The chances are you will, as nearly every business holds data about its customers. New processes will need to be put in place to ensure the data is secure, to enable customers to access it, ask for it to be deleted (the ‘right to be forgotten’), and to ensure when it is collected that customers consent to its use. It won’t be as easy as buying a new software package to take care of it.
The earlier you act, the better. Don’t worry, help is at hand. Take some low cost advice on whether your current processes and systems are sufficient, and if not, what needs to be done to make them so. And learn more in the process about how to become more cyber-secure and reduce your risk of becoming a victim of ransomware or other malicious online hackery.
Here’s some stats for you to ponder from the latest government Cyber Security Breaches Survey (2017):
85% of businesses use a website
61% store customer’s personal data
74% say cyber security is a business priority
58% of businesses have sought cyber security advice last year
67% of businesses spent money on their cyber security last year
If you want to talk to a GDPR/ Cyber Essentials expert contact me at Empiric Partners firstname.lastname@example.org.