The introduction of the General Data Protection Regulation (GDPR) on Friday May 25th 2018 is set to be one of the most important events affecting businesses this year.
GDPR will change data security and storage rules, giving consumers more rights than ever before over how organisations use their personal information, including their contact details, as well as things like their website URLs.
Businesses need to spend the next few months making sure they know exactly what personal data they have on file, where it is stored and who has access to it, letting their clients and customers know this information and giving them the choice to opt out of having their data stored by the company.
If someone wants to know more about what data you have on them or wants it deleted, your business will be legally required to respond accordingly, or face a significant financial penalty – not to mention potential reputational damage as well.
Basically, GDPR is all about improving data transparency and security and giving more power to the consumer over how their personal information is used.
What if I’ve not started preparing for GDPR yet?
If your business hasn’t started its GDPR preparations yet, don’t worry, you’re not alone.
According to recent research from Mailjet, two-thirds of small firms aren’t yet compliant with GDPR, and will need to spend the next few months preparing. Among new businesses, this figure rose to 91 per cent.
Depending on the nature of your business, the volume of work you’ll need to do in order to get ready for the legislation will vary. Everything from old CVs you’ve got on file to your marketing database and past client information will need to be audited ahead of GDPR’s arrival – even those boxes full of paperwork in the store cupboard that have been lying there for years untouched.
A report from Cleardata found that as many as 66 per cent of small businesses in the UK have no proper document management strategy at present, and could be putting themselves at risk of GDPR-related fines as a result. A total of 17 per cent of survey respondents even admitted to storing old paperwork in a staff member’s garage or shed – a serious data security risk.
As David Bryce, managing director of Cleardata, explained: “This can leave vital and sensitive information open to theft and damage and also make it difficult to find quickly if needed for legal or data compliance purposes.”
Regardless of what your approach to data storage has been in the past, the upcoming arrival of GDPR presents an opportunity to sort through everything and make sure you have the correct permissions for the data you do have on file.
How long will preparing for GDPR take?
Getting ready for GDPR will require investment of time and resources, but it’s important to spend that time now, rather than risk a fine for non-compliance further down the line and to prevent any more time from being wasted.
Research from Senzing predicts that unprepared businesses could end up spending up to 172 hours a month carrying out data searches once the legislation comes in if they aren’t investing time now in bringing their data in line with GDPR.
However, some companies will be required to appoint a data protection officer under the legislation, so they will be the main contact responsible for ensuring compliance, which should help to ease some of the burden on the rest of the organisation and its staff.