GDPR – what does it mean for the SME?
The General Data Protection Regulation (GDPR), which comes into effect in May 2018, will have an impact on the way in which businesses process and store the personal data of EU citizens. Many businesses, especially SME organisations, are concerned as to how exactly this new regulation will affect them.
As was mentioned previously, this regulation will build on an existing framework of current data protection and cybersecurity laws in the EU in order to bring data protection into line with new developments in technology.
Spector IT are industry experts in data protection and cybersecurity and can offer your business peace of mind in knowing that you are fully prepared for the incoming GDPR legislation.
How will it affect the SME?
The GDPR expects all businesses, regardless of size, to fully comply with the regulation by the time of its implementation next year. It is expected that SME companies manage their data processing and risk management in the same way and to the same extent as larger organisations.
However, there are a number of exemptions which appear to make allowances for the SME organisation and the smaller risk that these companies may pose to the privacy of EU data subjects.
One of the main requirements under the GDPR is for organisations to appoint a Data Processing Officer (DPO). It is unlikely that this requirement will affect SMEs unless your organisation is processing large amounts of sensitive personal data, e.g. ethnicity. However, it is advised to appoint an outsourced DPO to ensure that you are compliant and that your data protection strategy is up to date.
In the case of minor data breaches, where the breach in data protection does not cause serious harm to the privacy of an individual, there is no obligation to report this breach to the individual.
How should an SME prepare?
If you have not started preparing for the introduction of the GDPR, it is important, as an SME company, to do this as soon as possible. Below is a guideline of important areas to focus on while preparing for GDPR compliance:
Determine the need to appoint a DPO
Even if your company does not process a large quantity of sensitive data, it may be beneficial to appoint a designated DPO to help ensure compliance and drive accountability.
Document your data processing procedures
It is advisable to start keeping records of all your data processing activities immediately and to document these activities on a regular basis. Spector IT’s consultancy services can offer your business an IT roadmap to help you in determining the best approach to data processing.
Examine your level of risk
Determine the areas where your company is potentially at risk of a data breach, in terms of the privacy rights of customers. If you feel that your company may be at risk of a data breach, it is important to put the necessary business and data protection procedures in place.
Make sure that you are transparent when dealing with privacy concerns
Ensure that your customers are completely aware of the way in which you will be processing their data, and acquire the necessary consent before processing customers’ private data.
As part of the Spector Protect Package, our service will provide your business with a one-stop-shop solution to IT security, risk management and data protection. Our protection solutions include multi-layered support, disaster recovery and GDPR preparation. Get in contact with us today for all your compliance concerns!