On Monday I shall be at the GDPR Summit in London, helping DBR Data to support SMBs and SMEs to get GDPR compliant with the help of GDPR Mentor software. They have until May 25th and whilst there is no reason to be scared, there is every reason to make sure you are compliant. Thankfully, the days of misusing or abusing data should disappear, but it won’t happen overnight.

Ready?
GDPR in a Nutshell
As I have said in a previous post, it is all about transparency but that starts with awareness. Companies have got to know, and be able to account for, every movement of data that occurs, with both electronic and physical data. If there is a data breach, they have just 72 hours to provide a report about what has happened and how. If your company had a breach of data on a Friday, would you be able to report on it by the following Monday?
1st Step: Awareness
The first step to compliance is awareness. Are you aware of:
- What information you store
- If any of the data is ‘sensitive’
- Why you are storing it
- Where and how you are storing it
- How you use it
- How long it is stored for
- Who has access to it
- How it is being transferred, when, and why
Why Are You Holding The Data?
Ask yourself:
- Is there a legitimate interest? I.e. in order to perform a service, e.g. ‘It is time for your dog’s booster’.
- Do you intend to use the data for marketing? E.g. to send out emails telling them about other products/services.
If your intention is to use it for marketing purposes, you must be compliant with the ePrivacy Regulation (currently known as PECR).
GDPR – a Chance to Tidy Up
This sounds like a massive chore but on the plus side, think of it as a chance to streamline your processes, reduce costs, clear out unnecessary/unused data and introduce a more structured, manageable system. Added to that, you are reducing the risk of hefty fines by gaining compliance.
GDPR Next Steps
- The first step is to create a privacy notice on your website. This is your chance to be open and transparent, tell people what you are holding and why, how it is held and what you intend to do with it. DBR Data offer a free Privacy Policy generation tool.
- The time-consuming part is yet to come: you need to make yourself fully aware of your data systems and of any data transfers that happen within your organisation, because you must now be able to account for them. Software is available to make this process comprehensive and straightforward.
- Contact every individual, making them aware of your Privacy Policy and, crucially, giving them the option to withdraw their data.
Your data subjects have rights over their data management, including the ‘Right to Erasure’. For a complete summary, the ICO have produced a ‘12 Steps to Take Now’ guide.
GDPR Make it Happen
If you have been ignoring GDPR and hoping it won’t affect you, now is the time to look it in the eyes, grab it by the horns and steer it the way it has to go. There are benefits to be had for businesses as well as consumers.
Providing Small Business Support makes me happy; have a look around my Blog.