5 Tips for SMEs to comply with GDPR in
What is GDPR?
Digitalizemenow offers small and medium-sized businesses bespoke web designs and fully integrated management of their digital marketing platforms. As such, we keep up to date with new developments in anything digital.
Over the last few months, the recurring question ‘What is GDPR?’ has been raised by clients, friends and even students discussing its impact on Irish businesses at the local bus stop. The GDPR has only just come into force, and already Max Schrems has filed the first cases under the GDPR against Facebook and Google. So the GDPR definitely needs to be taken seriously!
So, with that in mind, I thought I would attempt to write a blog post covering some of the basic questions posed recently: GDPR 101, if you like! This is mainly for the interest of small businesses.
Small businesses are exempted from hiring a full time data protection officer!
What does GDPR mean?
General Data Protection Regulation or GDPR is in force as of the 25th of May 2018, replacing the existing data protection framework under the EU Data Protection Directive.
What does it do?
The GDPR emphasises transparency, security and accountability by data controllers and processors, while at the same time standardising and strengthening the right of European citizens to data privacy.
How does it affect small to medium enterprises?
While every business in Ireland must abide by the new laws, the GDPR, under Article 30, acknowledges that it is not feasible for small businesses to abide by some of the new legislation. Businesses with fewer than 250 employees that do not collect a lot of personal data are exempt from:
1. hiring a full-time data protection officer
2. keeping formal records about company data processing methods
3. reporting minor data breaches, as long as there is no risk to the rights of the people involved.
What main changes will affect a small business?
Small businesses will be accountable for any breaches and could pay up to 4% of their profits if a breach is proved. In a nutshell, if you collect personal details about customers for your business, then you must:
1. Keep customer data safe. A good strategy is to put one manager in charge of this data; don’t give everyone in your business access to it!
2. Not use their information for anything other than the purpose it was provided for.
3. Provide a clear opt-out button or notification on any texts, newsletters or the like.
What data is included in the GDPR?
There are two main types of data under the GDPR: personal data and special category personal data.
Under the GDPR, personal data is data that relates to or can identify a living person, either by itself or together with other available information. Examples of personal data include a person’s name, phone number, bank details and medical history.
Organisations that collect or use personal data are known as data controllers and data processors.
Special category personal data
Special category personal data, also known as sensitive data, means personal data relating to any of the following:
- Racial or ethnic origin, political opinions or religious or philosophical beliefs
- Membership of a trade union
- Physical or mental health or condition, or sexual life
The processing of special category data is prohibited unless the data subject has given their explicit consent before processing begins or the processing is authorised by law, for example, to protect the interests of a data subject, to comply with employment legislation or for reasons of public interest.
There is much more to know about the GDPR, and if you’re up for a long boring read go to: https://www.oireachtas.ie/en/bills/bill/2018/10/
For a small business, I have summarised 5 tips below that will get you on the right track!
1. Be aware of the new legislation requirements.
2. Develop a GDPR policy for your business that covers what data is to be collected, who will have access to it, where it will be stored and how it will be used.
3. Review current data storage procedures. Remember, if a customer wants to see what data you hold about them, you have to show them!
4. Ensure clients/customers know what their data will be used for.
5. Make sure all newsletters, texts and other communications have a clear opt-out option.
These new laws are here to protect all of us, so let’s keep this going forward. It is absolutely the right direction.