The GDPR is almost upon us. Most businesses are fully prepared, have appointed a DPO & are starting to ensure compliance. However, there are still those out there who are either unsure about GDPR, or don’t seem to know anything about it at all!
Information about the GDPR has been in the media for over a year now & although you can gain access to this everywhere, there still seems to be some confusion over what this means for sole traders & small businesses. However, the bottom line is, if these companies do not explore & implement compliance, the aftermath could be financially crippling.
For the most part, large corporate companies have been building GDPR compliance into their HR & Marketing procedures since the GDPR was announced. It is the public authorities & large corporate giants who deal with multiple layered personal data who will not only need a recognised DPO, but will also, over the next year, need to demonstrate that they are putting these new regulatory procedures into practice.
Although the GDPR is very similar to the current data protection guidelines, the GDPR becomes a regulatory necessity for all companies who deal with personal data. The most significant difference in the GDPR is the power it gives to the individual over how their data is stored & its appropriateness within the company that holds it.
As an example of the way a corporate giant is tapping into GDPR, & in light of the Cambridge Analytica breach, Facebook has been repeatedly informing users of their rights & their need to ensure their data is protected.
But what about the sole traders? The small business owners who may have been working under minimal data protection procedures within their own companies? When Virtually Smart Ltd spoke to a select few sole traders & small business owners, most of them didn’t even know what the GDPR was, let alone how not being compliant could affect their business. In addition, Virtually Smart Ltd recently created a poll for VAs asking ‘From your own experience/knowledge, do you feel that sole traders/small business owners are prepared for GDPR?’ 27 out of 33 responded ‘No!’ That is a whopping 81.82% of VAs, who are on the front line of the GDPR & are clearly concerned about the smaller businesses when it comes to the new legislation.
In addition to this lack of knowledge and/or preparation, one of the many elements of the GDPR which could cause detrimental issues for sole traders & small businesses is the question of what would happen if there was a data breach.
‘All companies are vulnerable to data breaches, whether due to negligence, malicious action or a combination of the two. Small businesses might mistakenly believe that they’re below hackers’ radars or don’t have anything worth taking, but cyber criminals often target exploitable weaknesses rather than specific companies.
It’s important to know what to do should you be breached. The GDPR states that any breach that results in a risk to the rights and freedoms of individuals needs to be reported to the relevant supervisory authority within 72 hours of its discovery.
This will be tough for sole traders to comply with, as it takes time to prepare the requisite information. The breach notification needs to provide:
- The nature of the breach, including – where possible – the categories and approximate number of individuals and personal data records concerned.
- The name and contact details of the DPO or relevant person.
- A description of the likely consequences of the breach.
- A description of the measures taken or proposed to be taken to respond to the breach.
It will be much easier to meet the 72-hour notification deadline if you have a plan to carry out these requirements.’ www.itgovernance.eu
With all of this in mind, what can sole traders & small businesses do to help themselves with their compliance? As the VA community is greatly knowledgeable about this topic, these smaller businesses really should be tapping into this resource & creating those layers of protection around their businesses. Virtually Smart Ltd, like a lot of VA companies, offers a GDPR assessment service to all business owners. Not only can Virtually Smart Ltd ensure all of the policies are in place to recognise GDPR compliance, but they can also undertake an evaluation of software systems & applications to guarantee compliance.
The GDPR is here & there is no way of escaping it. Accountants, marketing experts & VAs alike have the knowledge & expertise. It is how we get that message out there that becomes the challenge.
If you are a sole trader or small business owner & are uncertain whether you are functioning within the GDPR guidelines, then contact Virtually Smart Ltd today to discuss how we can evaluate your systems.