Everything Small Business Owners Need to Know About GDPR Compliance

Since May 2018, all businesses and organisations must comply with the European General Data Protection Regulation (GDPR). If you own a small company, failure to do so can land you in big trouble and you may face steep fines. This article sets out everything you need to know, as a small business owner, about GDPR compliance.

The GDPR was notable for two reasons: it gave individuals more control over their personal information, and it created a single, unified regulation for all organisations across the EU to comply with. The GDPR applies to all organisations within the EU. It also applies to all organisations outside the EU that handle the personal data of EU citizens. Thus, if your company's activities involve handling personal data, it is regarded as essential (and sometimes a legal requirement) to appoint either a Privacy Manager or a Data Protection Officer (DPO). These professionals will make sure you adhere to the rules of the GDPR and act as the point of contact for any data protection related questions.

Many individuals across the globe are in favour of the GDPR since they now have more power over how companies and business organisations use their personal information. The regulation gives people the fundamental right to be forgotten, which can force an organisation to delete your personal data if you don't want them to keep it.

Below you will find a checklist for small businesses that can come in handy.

Know your Data: It is imperative to keep a rigorous record of what types of personal information (e.g. bank details and addresses) and sensitive information (e.g. medical details and religious affiliation) you hold. This document is called a 'Record of Processing Activities', and creating and maintaining it is a legal requirement. As a business owner, you should know where you obtained that data, where it is stored, and how you intend to use it.

Consent: If you are using consent as your legal basis for processing data, the GDPR sets strict rules on how you must obtain consent and how you must manage it. Because of these strict rules, if you can rely on another legal basis for processing personal data, it is best to avoid consent.

Security: To ensure that your company is GDPR-compliant, ask a compliance specialist company to do a health check and, if needed, update your policies and security measures. It is always recommended to use encryption tools to protect your data.

Respond: Under the GDPR, individuals have new fundamental rights. Individuals can request access to all the information that you store about them (often called a Subject Access Request). You are legally obliged to deal with these access requests as soon as possible and within one month of first receiving the request. If any data is inaccurate, they can have it corrected and, in some cases, even erased.

Training: Make sure your employees are familiar with the GDPR by giving them proper training. At a minimum they should know the GDPR's fundamental principles and individual rights, and should learn the basics of recognising a breach and how to deal with it.

Supply Chain: It is worth noting that your supply chain should also be GDPR-compliant if you are to avoid fines. Go through your contract terms with a fine comb: suppliers also have commitments, such as alerting you promptly to any data breaches.

Fair-processing Notice: Under the GDPR, you are required to inform individuals what you are doing with their personal information and how you are using it. A fair-processing notice gives them this information and discloses how you are handling their data and how long it remains in your possession.

DPO: To find out whether you need to appoint a Data Protection Officer, it is best to ask a compliance specialist company with a good track record to do a health check. If they discover that any of your core activities include 'systematic or regular' large-scale monitoring of data subjects, they will advise you on how to hire a DPO.

In conclusion, if you own a small organisation or business, you might see the GDPR as a nuisance. But it is actually an opportunity to grow your business. Confidence plays a major role in the success of your business, and by showing potential clientele that you are GDPR-compliant, you could end up better off.

About Us

Tacita is a GDPR compliance audit company based in the United Kingdom. Our focus is on assisting companies and organisations to achieve and maintain GDPR compliance as easily and cost-effectively as possible. As a reputable company, we strive to give companies the self-assurance that they are doing the right thing, and GDPR compliance peace of mind. We focus exclusively on GDPR assessments, so we are truly independent. We have a range of services to suit all organisations and budgets. We don't leave you with a problem; we 'close the loop' and provide prescribed solutions for our recommendations. For more information visit http://www.tacita.io