As in many businesses, the hot topic in the Change Gear office is how we ensure compliance with the new data protection regulations. Making sense of what we need to do has not been easy; however, we have been fortunate to benefit from the wise counsel of Katie Renwick – a valued member of the Change Gear team. In this blog Katie shares her advice for small businesses as they take action and get ready for the looming deadline of May 25th.
For a small business, understanding exactly how a new piece of legislation will impact us and our clients can be quite challenging. Being able to understand the legislation itself, as well as sifting through what can sometimes feel like ‘Doomsday Declarations’ from industry commentators to get to the heart of what it really means, can take time and energy you may not have planned to spend. There have been some big hitters recently in new legislation for larger businesses, Gender Pay Gap reporting and the Apprenticeship Levy, for example, while for smaller businesses there has not been much significant change since the Living Wage was introduced.
The General Data Protection Regulations 2018, GDPR, come into force from 25th May. In a nutshell, the regulations increase the levels of accountability for businesses to demonstrate they handle data in a professional, transparent and, most importantly, agreed way. This is a necessary update to the 1998 legislation, as the world we now live in thrives on data which is available across a range of digital platforms as well as the traditional files and papers. The increased occurrence of identity theft on an individual and mass level, as well as an increase in social media targeted marketing, often without knowledge or consent, has prompted the EU to introduce this legislation. It is an attempt to tighten the rules and improve the options for the individual to choose what can, and cannot, be done with their data.
So how do we gain an understanding of GDPR and, in reality, what will it change for me and my business? The great news is that the Information Commissioner’s Office, ICO, has provided a number of easy-to-access infoguides on their website, www.ico.org.uk, explaining what the legislation is. Their approach is to engage with businesses and the public to create confidence and dispel the myths and fear of the unknown that inevitably accompany such a change. They emphasise that the principles are based largely upon the legislation that we have been working within, the Data Protection Act from 1998. In recognition of the different impact this legislation may have on businesses of different sizes, they plan to issue a specific guide for SME businesses, which will be more relevant for those of us who do not have an internal legal, HR or Finance department to provide the right level of guidance.
While the information on the ICO website helps explain what the legislation is, there is a gap in terms of understanding what needs to be done. Utilising an expert to help identify the risks and opportunities that this legislation presents is key. Within a relatively short period of time you should be able to identify where change is needed as well as the practical steps, processes and policies needed to put the change into place.
In terms of what it will change for your business there are a number of key considerations:
- What data do I have?
- How do I store, access and share that data?
- Do I share the data outside of my business with third parties and where are they based?
- How will I obtain consent going forward and how will I meet the individual rights obligations?
- How will I handle data breaches and reporting should they happen?
- What training do I need to provide to the team and how will I test understanding?
A core aim of the legislation is to limit unscrupulous activity, such as the alleged illegal data harvesting and sharing from Facebook to Cambridge Analytica and beyond; it is not designed to limit our ability to market our business services or support our clients. It is an opportunity to review how we do things, cleanse our systems and consider how we communicate, particularly when using email, going forward. With that in mind, we may be in touch more often asking you to confirm you’re happy to keep hearing from us.
To support our clients we have created a practical GDPR pack, available as templates to tailor in-house or with expert consultancy support to assess how the change will impact you and your business.
Contact us at firstname.lastname@example.org or call us on 07714 793669 for an informal chat as to how we can best help your business.