In recent weeks, we’ve been getting an increasing number of queries from clients about the GDPR, that’s the European-wide General Data Protection Regulation for those who have yet to have it on their radar – and if you haven’t, don’t worry, you soon will. We very quickly realised that we all have the same questions and the similar concerns- what is it? What does it mean? Does it affect me? Is it going to cost me money?
The legislation takes effect on 25 May 2018, so there is still time for us all to get ready, but as the old saying goes – there’s no time like the present….
To answer the first obvious question: yes, the GDPR applies to us all to some extent, whatever the size and nature of your business if you collect any information from which a living individual might be identified, even if for you that means only collecting names and email addresses to send out a quarterly newsletter. Those of us who sell goods or services are likely to have information relating to someone’s address, their bank account, their employees and/ or even their clients depending on our working relationship.
Although “Data Protection” has had its fair share of bad press over the years and we’ve probably all got examples of its name taken in vain by overzealous officials, it is there to protect us and our personal information. It’s right that as businesses we act responsibly in the way we treat information we’re entrusted with and that we can be held accountable if something goes wrong.
So yes things are changing, and rather than see it all as a hindrance, we should see it as an opportunity to carry out a spring clean of our records and data-protection related policies. This doesn’t have to be onerous and nor does it need to cost money. Your first port of call should be the Information Commissioner’s Office which provides a wealth of free-resources that cut through the jargon and help all of us to identify what action we need to take and how we should do it.
The ICO has a comprehensive Guide to the GDPR which is supplemented by a number of tools to help us all to prepare. Particularly helpful is the ‘GDPR: 12 steps to take now’ and the ‘Getting ready for the GDPR checklist’. They have also set up a dedicated telephone advice line specifically to help small businesses. Do check it out.