By Infraweb | February 6, 2018
As the 25th of May 2018 approaches many small businesses are still unaware exactly what the expectations of the new GDPR Legislation are for their business. GDPR takes the principles set by earlier data protection legislation and expands upon it to provide more governance in a world that has become more data-driven.
The big changes are centered on the way data security and breaches are handled with an organisation, and how consent is obtained. The GDPR will expand the rights of individuals and how much control they exert over their personal data to an extent never seen before. That’s because the GDPR puts great emphasis on the fact personal data is the property of the individual.
At Infraweb we can't recommend the Information Commissioners Office ( https://ico.org.uk/for-organisations/business/ ) website enough to get started with understanding GDPR. They have some excellent guidance for small businesses ranging from FAQ's and checklists to information guides and helplines.
For us as a team we have a good understanding of the constraints and impact GDPR will have on small businesses going forward. Here are some of the key questions small businesses should be asking themselves in preperation :
- Have you made people aware of the legislation within your organisation and the impact ?
- Have you documented any personal data you hold, where it came from and who you share it with ?
- Would you be able to delete personal data or provide data electronically and in a commonly used format ?
- Have your reviewed and updated any current privacy notices ?
- How will you handle requests from subjects for data held within the new timescales ?
- Do you have sufficient procedures in place to deal with data breaches ?
- Do you have designated data protection officer ?
So, If you have any questions regarding the impact on your website, any software you run or business processes then please get in touch.