The GDPR comes into force on the 25th May 2018, so time is running out to make sure that you’re prepared for the new regulations. If you’re still not quite sure what the GDPR actually is, or what steps you need to take, we’ve put together a ‘GDPR for dummies’ guide that will help you to make sure your business is compliant with the new regulations.
What is the GDPR?
The GDPR is a new set of regulations that replaces the rules set out in the EU’s Data Protection Directive, with the aim of harmonising data protection law across the EU.
The GDPR overhauls how personal data can be collected, used and stored, with the aim of giving individuals greater control over their data. Businesses will be liable for larger fines and sanctions should they suffer a data loss or breach, or if they are found to be breaking any of the terms of the GDPR.
GDPR compliance requirements
The GDPR requirements that businesses must abide by can seem complicated, and there is a huge amount of conflicting advice available online about steps that must be taken before May 25th. Although it’s always best to get professional advice about your individual business and circumstances, generally the GDPR requirements can be broken down into a few main areas.
When collecting data from customers, such as email addresses, you must explicitly state why you’re collecting the data and what it will be used for. You must also allow customers to opt out of certain uses of that data.
For example, if you collect email addresses for a mailing list you must let the customer know what emails they may receive and how often, and allow them to choose which types of emails they want to receive (e.g. they may wish to receive emails about sales, but not monthly newsletters).
Data security is paramount under the GDPR, and companies that store data insecurely or suffer a data breach are liable for fines of up to €20m. Make sure to practise good data security, for example: use strong passwords, enable two-factor authentication and never reuse the same password across multiple sites. Also, make sure your digital storage systems are kept up to date, and that the software you use is GDPR compliant.
The GDPR gives individuals greater control over their data. From 25 May, you must allow customers to view, access and update any data you hold on them, and you must also remove their information from your systems if they request it.
Last-minute GDPR action plan & getting more advice
If you’re yet to take any steps to make your business GDPR compliant, it’s not too late to start. The ICO (Information Commissioner’s Office), which is responsible for the UK’s data protection laws, has a wealth of information and guides available on its website for businesses that need to become GDPR compliant. Its hotline is also available for you to ask questions and receive free and impartial advice.
You may also be able to get advice from your local business centre or council, or through online guides and seminars.
To make sure your business’ accounting activities are GDPR compliant, make sure to get specialist advice from our accountants. Get in touch with our accountants in Manchester or in Media City, Salford to find out how we can help you.