The General Data Protection Regulation (GDPR) is an EU regulation that is in force from 25th May 2018. GDPR is designed to give individuals greater rights to control their own data and how it is used. It makes organisations more accountable for their data processing activities by requiring them not only to comply but also to demonstrate how they are doing so.
We live in a digital age where more and more data is processed in less and less transparent ways, resulting in greater intrusion into our private lives. This regulation puts the emphasis on organisations to prove that they are doing no harm by processing our personal data. Personal data can exist throughout a business. It is not just about customer or client data – employees’ personal data and details of suppliers and other contacts are also covered.
So what do I need to do?
Basically, if you collect, record, store, use or disclose data for your own business purposes or those of another organisation, the GDPR applies to your business. Knowing where and how to start can be daunting, especially for smaller businesses where the focus and attention is often on keeping up to date with daily business needs. So where do you start?
1. Pay your ICO fees
Any organisation in the UK processing personal data needs to pay fees to the UK regulator, the Information Commissioner’s Office (ICO) before 25th May 2018. This replaces the previous system of registering with the ICO. Find out more about ICO fees and requirements or visit the ICO website to pay.
2. Identify who takes the lead for GDPR
While everyone has a part to play in helping to keep data protected, one person must take accountability for making sure your organisation complies with the General Data Protection Regulation. It’s also a good idea to appoint someone who will take day-to-day responsibility for data protection and privacy management.
3. Identify the personal data you use
The next step is to work out what personal information your organisation uses – this includes data on employees and colleagues, customers or clients, suppliers and other contacts. You need to look at what information assets you have (i.e. the different types of data you hold), how you store them, who in your organisation owns each type of information and who has access to it.
Is there any good news?
According to the Chartered Institute of Marketing, 72% of consumers are actively put off sharing more information with businesses due to media stories of data breaches. GDPR compliance may feel like a lot of work right now, but demonstrating compliance is also a chance to clearly show customers, employees and everyone else you work with how you protect their data. It’s a great way to showcase your company’s professional working manner and practices and differentiate yourself from competitors who can’t keep up.
Is there any help out there?
We understand that GDPR is a concern for many small businesses and we are keen to support you through this compliance journey, particularly with only a few weeks until the regulation comes into force. We have teamed up with Astrid to offer our customers a special offer when signing up. Astrid is an online platform that helps businesses protect the personal data they hold and meet GDPR requirements.
Astrid has been developed with small businesses in mind, particularly those that handle sensitive data, so we feel this would be a useful service for our clients. Aiming to remove the fear factor of GDPR, Astrid shows small businesses where to start and provides the tools to make it as easy as possible for you to comply, whilst keeping this affordable. You can find out more by visiting www.weareastrid.co.uk. As a Nimvelo customer you’ll get a 10% discount when signing up. If this is something that interests you, get in touch with us and we’ll provide you with a code to use on registration.
If you have any queries then please contact Astrid via firstname.lastname@example.org and let them know what sort of help or advice you need.