When you mention GDPR, you do not get a positive response from most people! However, it is something that we cannot ignore.
Many small business owners or individuals think that it will not apply to them and have the attitude “I am just a one-man band” or “My company is too small; it is not something that we need to consider”. Think again: it will affect all of us in some way, and we need to be prepared.
So here are some aspects that you may not be aware of; knowing them now will give you time to consider how this may affect you.
- You must meet the requirements if you are working with clients in the EU. So even though we are due to leave the EU in 2019, we are affected, because GDPR comes into force in May 2018.
- What does GDPR relate to? Any personal information: email addresses, IP addresses, text messages, structured paper records. These must all be appropriately secured.
- There are new regulations around the collecting of personal information. You can no longer assume if someone gives you their business card at a networking event that they are happy to be added to your email newsletter lists. They must opt in.
I am sure that you, as I do, receive plenty of newsletters from companies you cannot remember meeting at an event, who have contacted you because they collected your card. If you gather personal information this way, you will need to keep it securely and ensure that the people concerned indicate a positive intent to subscribe to your mailing lists.
- You will no longer be able to export a list of contacts from, for example, LinkedIn into your mailing lists. Once again, you will need to ensure that you get their permission to receive your newsletter.
- These regulations will also apply to historical data. You will need to ensure that all those subscribers currently on your mailing list opt in again or you are able to prove that they have given their permission to be added.
- If you use cloud storage, you will need to consider where the data is stored, as the storage needs to be GDPR compliant. If the storage is outside the EU, it must still comply with GDPR and may only be used with the correct permissions and contractual assurances.
- Ensure your Data Protection Policy and privacy notices are up to date and make sure that they are available on your website.
- And finally, we always think that having a device password protected is enough. It is not. If you have a laptop or another mobile device carrying personal information, you may need to consider getting it encrypted. In the event that such a device is lost or stolen, encryption reduces the impact of any data protection breach.
These are just a few of the things that you should consider. GDPR is a vast topic and cannot be covered in one blog. I recommend contacting Lesley Cooley at GDPR Advisors UK on lesley@audit-and-risk.co.uk or at http://gdpradvisorsuk.com should you have any questions.
Lesley is a qualified Data Protection Officer with over 15 years’ experience and can answer any questions that you have. Alternatively, helpful hints and tips are posted regularly on https://www.facebook.com/GDPRAdvisorsUK.
I hope that you have found this information helpful. To find out more about The Umbrella Tree, please visit www.theumbrellatree.co.uk.