What Does My Business Need To Do About GDPR?

In May 2018 new data laws will come into force which will require businesses to change how they store customers’ data.

General Data Protection Regulation (GDPR) will mean any business or organisation collecting data from EU citizens must become more transparent, to give individuals better access and control of any data on them.

If you misuse an individual’s data, or are unable to produce evidence of their ability to access their own data, new laws will mean your business could be fined a considerable sum. GDPR will also extend the meaning of ‘personal data’ to include an individual’s IP address and their posts on social networking sites.

If you ask of any kind of data from individuals, whether through email marketing, newsletter sign up forms or even a short yes or no survey on your website, you’ll need to change how you store data.

Assess current data storage format

Evaluating your current systems should be your first port of call when you’re preparing for the introduction of GDPR.

As of 25th May 2018, you’ll be required to be able to explain how you’ll use data and guarantee its security to the best of your ability. Between now and next May, you should look over your current processes and pinpoint any systems which may conflict with new laws, or which may have weak points.

Secure the data

Once you’ve assessed where the weak points are, you should come up with new systems which will ease your data processes and secure individuals’ information.

If you’re currently using spreadsheets with multiple versions stored on both the server and locally, you will be putting your customer’s data at risk: Anything that can simply be transferred to an external hard drive or USB drive should be avoided.

In time for the introduction to the new laws, you need to create a secure database where you can keep sensitive information in one secure place.

Prioritise user permissions

Alongside this, your database should also allow you the ability to add, delete and change what certain users can see at any time.

If you are using spreadsheets, it can be difficult to keep track of who has access to what. Spreadsheets can also easily be downloaded and printed, meaning data isn’t as safe as it could be.

Before GDPR comes into force, you need to make sure you know who is able to access exactly what data. A cloud server will allow information to be stored and managed more easily, and encryption will make the likelihood of data being stolen smaller.

Communicate with your staff

During the switchover to GDPR, you’ll need to explain the changes to your staff. Inform them of the law that’s coming into force, and fully explain what actions need to be taken by your company and why.

Once your employees understand, they’ll be able to speed up the process and will be expecting the changes, so they won’t have any nasty surprises and will feel more included in the process.

Set up easy access for customers

A huge factor of GDPR will be customers’ greater rights over access to their own data. For businesses, this will mean setting up a system where customers can easily gain access to their data should they require it.

This should also include the ability for customers to have data deleted or be able to transfer it to a different organisation. The easiest way to provide this to customers may be to set up their own digital storage solution.

While many smaller firms won’t be affected by the new laws immediately, once implemented within larger organisations, it’s likely customers’ need for control over data will require small businesses to soon apply similar systems. If you still have questions about the new data laws, you can have a look at GDPR’s frequently asked questions page here.

Is your business prepared for the introduction of GDPR in May 2018? What are your thoughts on the new data protection laws? Leave your comments in the section below!