It’s pretty obvious to all of us that GDPR has been causing a lot of stress, and we’ve all been inundated with emails about it. But there’s really no need to panic: there are simple steps you can take to make sure your small business complies with the new regulations, which came into force on 25th May 2018.
The main thing to note is that many of the main concepts are the same, so if your company is complying with the previous data protection act you are already in a good place to start. There are some new things you may need to implement and some things you will need to do a little differently. There are lots of helpful resources out there to help you understand the new regulations. Ultimately, it’s worth remembering that GDPR is an ongoing thing: the enforcement date has passed, but data protection is ever evolving.
Here is a useful list to help you understand what your small business needs to do:
- Check your products and services to see which ones collect and process personal data. Make sure you have a legal reason for processing the personal data and that you can comply with individuals’ rights, i.e. how you would delete personal data.
- Make someone responsible for data protection and check to see if you need to designate a Data Protection Officer. Make sure all of your staff have data protection training.
- Make sure systems that handle and process personal data are secure.
- Check if you need to be able to verify individuals’ ages and obtain parental/guardian consent for any data processing.
- Review how you currently seek and manage consent. If your existing consents don’t currently meet the GDPR standard, you should renew them.
- Review how you would handle any data breaches and make sure you have the right procedures in place.
- Check your current privacy notices are GDPR compliant.
- Check if you need to pay a Data Protection Fee to the ICO.