Now that the planned General Data Protection Regulation (GDPR) changes are just nine months away, there are likely to be a number of firms – of all sizes – still scrambling to discover what they need to do to be compliant with these changes, in order to avoid the hefty publicised fines.
The best place to start is to become familiar with the detail of the GDPR and how the incoming new rules will affect your existing business, date use and storage planning. It’s also useful to know the GDPR rules that have been specifically designed for small businesses, or SMEs.
SME GDPR Regulatory Caveat
Following a lengthy consultation period, the incoming GDPR has recognised that smaller businesses aren’t able to achieve exactly the same as larger businesses. And also, that not all the rules that are relevant to bigger firms are relevant to SMEs.
Indeed, in article 30 of the regulation, the GDPR states that businesses with fewer than 250 employees are exempt from much of the legislation – “unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10.”
However, considering how much data is requested, processed, used and stored by most businesses of all sizes, small business advisory specialists Global Resources LLC, are of the opinion it would be prudent for SME’s to create new personal-data related guidelines, in line with much of the GDPR.
Back to GDPR Basics
As you will no doubt be aware, GDPR has been designed to replace existing data privacy laws and more robustly protect consumer’s private data after it’s shared with different businesses. This is more important than it was when the original data protection acts were created, due to the much broader use of online shopping and activity which requires people to share their private data.
The key changes from existing data laws, that are addressed in the GDPR include:
- Increased territorial scope – where companies around the world handling private data from EU citizens must comply with the GDPR rules.
- Penalties – the potential fines are much bigger than in the past.
- Consent – consent for use of private data must be implicit rather than implied.
Therefore, while some small businesses are potentially exempt from these rules, it would make sense to act in accordance with them as much as possible, so you’re prepared if your business grows and exceeds an employee count of 250. And also, it’s always a good idea to treat your customer’s data with the respect and privacy it deserves – and that you would no doubt like your private data to be treated with, too.
With that in mind, making some changes to the text you use around consent and data use is something you could change quite easily, to become GDPR compliant and also put your clients’ minds at ease, with regards to your use of their private data.
Hernaldo Turrillo is a writer and author specialised in innovation, AI, DLT, SMEs, trading, investing and new trends in technology and business. He has been working for ztudium group since 2017. He is the editor of openbusinesscouncil.org, tradersdna.com, hedgethink.com, and writes regularly for intelligenthq.com, socialmediacouncil.eu. Hernaldo was born in Spain and finally settled in London, United Kingdom, after a few years of personal growth. Hernaldo finished his Journalism bachelor degree in the University of Seville, Spain, and began working as reporter in the newspaper, Europa Sur, writing about Politics and Society. He also worked as community manager and marketing advisor in Los Barrios, Spain. Innovation, technology, politics and economy are his main interests, with special focus on new trends and ethical projects. He enjoys finding himself getting lost in words, explaining what he understands from the world and helping others. Besides a journalist, he is also a thinker and proactive in digital transformation strategies. Knowledge and ideas have no limits.