A worrying report was released a few months ago stating that almost one in four small businesses in the UK had taken no action regarding the new GDPR. In this frenetic world, we understand that statutory changes get somewhat shoved under the carpet, but GDPR is not something you want to ignore; the fines for non-compliance are higher than ever.
Luckily, we’ve created this guide so you can canter to compliance:
- Firstly, it is important to raise awareness of the change to GDPR and explain to your employees what the process entails and why it is significant.
- Secondly, you must involve all your employees, suppliers and customers. To comply with GDPR requirements you must check what information you hold and why you hold it, within each department and at every level.
- It could be beneficial to appoint a Data Protection Officer (DPO). The GDPR does not state that the DPO needs to be a separate position, so your company may already have someone with a similar job description who would be able to fulfil the role of DPO. The GDPR allows DPOs to work for multiple companies, so there is also the option to outsource this position.
- The next stage is to either construct a data protection plan or review your existing plan to ensure it complies with GDPR requirements.
- We recommend that a risk assessment be carried out so that you are aware of the information you store and process on EU citizens and understand the risks around it. The assessment will also identify any IT systems storing data of which you are presently unaware.
- After the assessment, it is necessary to act on what it reveals in order to mitigate those risks.
- Following this, you should perform an incident response check to ensure your company is able to report serious breaches within the 72-hour window that the GDPR requires. Less serious breaches must also be reported. A failure to report this information within this time period will result in heavy fines.
Does GDPR affect me?
All companies, including smaller companies, will be affected by GDPR, though some more significantly than others. You may not currently have the resources needed to meet everything that GDPR requires, but it is imperative not to ignore these impending regulations. Our team can give you consistent, personal and tailored support throughout the GDPR compliance process.
For more information on how you can benefit from our services contact Philippa Keith on 020 76375216 or at firstname.lastname@example.org