Getting Started With GDPR and Data Protection
Let’s make this super easy because we know you’re busy and you feel there simply aren’t enough hours in the day to deal with GDPR. It probably also feels too overwhelming - right? Don’t worry, GRC does business legalese differently and we’re here to help with our step-by-step guide to GDPR and our tailored expert guidance.
The top tips in this guide are designed to make data protection more accessible for beginners who are taking their first steps towards GDPR compliance – perhaps you’ve been in business for a little while and you’re now looking to get started with data protection. This blog will guide you to getting started with GDPR using clear, plain and simple language with practical advice. It’s not groundbreaking but it will help you.
You’re busy growing your business so you tell yourself that it’s impossible to prioritize GDPR over business growth, business goals and profit. Well, this blog provides you with a few simple yet effective ideas to get you started with GDPR and Data Protection tasks so that you are clear on exactly what you need to do.
Basic Steps and Tips For Small Organizations
If you don’t know much about data protection law or the UK GDPR then you’ve come to the right place. All business owners must keep personal data safe so here are a few basic steps and tips to help you with getting started.
Ask yourself: what would your customers say about the way you handle their data? What would the Data Protection Regulator say about the way you handle, store and share personal data?
How Do I Comply?
The compliance standards are difficult to meet, and GDPR is still open to wide and varied interpretation, but that is no excuse. You must get started.
Consider the threat of a hefty fine or possible imprisonment: what would you do if this happened to you? Ask yourself, if I do nothing about these considerations or concerns, what is the worst that could happen? Research shows that consumers and customers care a lot about privacy issues, so your business will be left behind if you don’t get on board. The key fact is that customers won’t forgive companies that lose their data!
If these questions and pointers raise a few considerations for you, then you’ll have to make some changes, so it’s best to start preparing as soon as possible. That is why we’ve put together a handy guide to get you started. Just as a little reminder, GDPR entered into force on 25 May 2018, so there is no time to lose in getting started – especially as businesses continue their digital transformations.
Set aside just 15 or 20 minutes, get advice from a GDPR or Data Protection specialist on how you could quickly avoid the worst-case scenario, and follow our handy tips below. Taking even the smallest step on your data protection journey will make you feel relieved and less anxious about things.
Personal Data – Make A List
As a business owner, you are responsible for the personal data that you hold. You decide what you do with the data, how long you hold onto it, how it is stored, and so on.
Start by making a list of the personal data that you’ve saved on your phone, tablet or computer – for example, people’s names and addresses, photographs, customer reference numbers, medical information or customer feedback reviews.
Identify A Valid Reason For Holding Personal Data
Ask yourself why you are holding this data and consider how you will use it. The way you use data must be fair and lawful. Asking “why” will help you to identify a valid reason, or lawful basis, for holding the data.
For example, if you own a building firm it would be unlawful or misleading to collect information about your customers’ health and well-being. You have no valid reason for collecting such information, and your customers would not reasonably expect you to collect it.
There are six lawful bases that you can rely on, and consent is just one of them. You also need to meet extra conditions if you are processing special categories of data, which is a very specific term under GDPR.
Think About Transparency
You have to be proactive and transparent about the way you use people’s data. Tell people why you hold their data, how you will use it, who you will share it with and why, and so on. The best way to do this is to use a Privacy Notice.
You must have a Privacy Notice on your website, for example. The Privacy Notice keeps people informed about your data processing activities and the rights that they have.
Think About Security
You need to demonstrate that your systems and data are adequately protected. This is an important way of demonstrating how you are protecting the rights and freedoms of individuals.
Know What To Do If A Disaster Strikes
If the worst happens and something goes wrong with the data that you hold – e.g. if the data is lost, stolen, hacked or compromised in some other way – you need to know what to do. This is called a Personal Data Breach, so you should contact a GDPR or Data Protection specialist for further advice on the next steps.
GDPR – The Framework With Strict Rules
Do you think you might be exempt from the GDPR? The GDPR applies to every entity that holds or uses personal data within the UK or Europe, even if it has no business presence in the UK or the EU.
Your business will be caught by GDPR, one way or another, so you must comply with the strict rules. For example, does your business process personal data such as names, ID numbers, location data, credit card information, health data, biometric data, genetic data, religious affiliation, philosophical beliefs, ethnic origin, trade union membership, psychological condition, sexual or gender preferences, IP addresses, email addresses or browser cookie data?
Business owners or companies that process personal data are either Data Controllers or Data Processors, or possibly (and not unusually) both, and under GDPR there are strict rules about what you can and can’t do as a Data Controller or Data Processor.
Follow these top tips and tap into some quick-win, simple solutions you can easily implement within a few days.
Stick To The Principles
The GDPR sets out several principles on how business owners should use personal data. Some of the most important principles are fairness, transparency and having a valid reason for processing data.
You need to be able to demonstrate compliance with GDPR principles. This requirement is often referred to as the Accountability principle.
Doing Data Protection as a freelancer or small business owner doesn’t have to be expensive, complicated or time-consuming. Think of it as part of building a business that will stand the test of time.
Come and hang out with me on LinkedIn (Christinatueje) and please say hi! I would love to hear from you.
#GDPR #dataprotection #gettingstarted #smallbusiness