Advertisement

New data laws loom

Small businesses ignore new data protection rules at their peril, says David Prosser – make sure you’re ready.

890-filing-634
Do you know where your data is?

SMEs ignore new data protection rules at their peril make sure you're ready.

Small businesses have just weeks to ensure they are prepared for the biggest shake-up in Europe's data protection laws for more than two decades. For those playing catch-up, the European Union's General Data Protection Regulation (GDPR), designed to harmonise and strengthen the rules on how organisations handle personal data, comes into force on 25 May. Personal data includes any information that could identify a customer, employee or any other individual about whom you have data.

Advertisement - Article continues below

The GDPR sets out severe penalties for failure to meet requirements, including fines of up to €20m or 4% of the company's annual turnover (whichever is higher). For SMEs, the key is to be practical and proportionate. Your business may not have access to the resources that large organisations are throwing at GDPR compliance, but a common-sense approach starting with the steps below will get you there.

Advertisement
Advertisement - Article continues below

First, make sure you know what personal data your business already holds, where it is held, how you got it and who you share it with. How do you collect personal data on an ongoing basis? Figure out whether you have customers' permission to use their data in the ways you do.

Next, you need a data policy that sets out your approach to personal information and answers all the questions you might be asked. It should define how you collect personal data and what you propose to do with the details; it should cover how you will keep this information secure and how you'll get consent from customers to keep their data; and it should explain how people can make a complaint about the data you hold, or get it corrected or deleted.

Advertisement - Article continues below

The policy must also include a breach response plan, setting out what your organisation will do if there is a failure of some sort. Ensure that all your employees understand the policy. There may be creative ways to manage staff training efficiently. Are you a member of a local business group that offers training, for example, or could you team up with other SMEs to sort out training?

Outside your organisation, regulators expect you to take responsibility for the third parties with which they transact if a data breach happens because of a failure at one of your suppliers, say, it will be your problem too. Ensure your supplier contracts include provisions that set out what third parties can and can't do with data you share with them.

With time now short, be realistic and pragmatic about what matters to your organisation and the risks your company is exposed to. Identify your most sensitive data and how it is prioritised. Find out where the weak links in the chain may be. Finally, keep in mind that GDPR compliance is not a one-off exercise to be completed by 25 May and then forgotten. Make sure your data policy includes provisions for a regular review of your company's practices.

Don't miss out on broadband cash

Small businesses around the UK are being offered access to a £67m funding initiative designed to help them upgrade their broadband connections. The scheme targets small businesses throughout the country, which will be able to apply for vouchers worth up to £3,000 to help them secure ultra-fast full-fibre broadband connections.

The initiative will run until 2021, or until the £67m is used up, and aims to build on a similar scheme in 2015 which saw more than 50,000 small businesses successfully apply for broadband vouchers. While this latest scheme has less funding than the previous one, which delivered vouchers worth more than £80m, ministers hope take-up this time will be similarly brisk.

The vouchers are designed to help small businesses meet the upfront costs of connecting to full-fibre broadband, which can be expensive, particularly in areas where providers are still rolling out their networks. Thereafter, businesses will pay their own rental costs.

Advertisement
Advertisement

Recommended

Small business: how to chase late-paying customers
Small business

Small business: how to chase late-paying customers

Many small business have trouble getting their customers to pay up on time. Here's what you can do about it.
23 Jan 2020
Will insurers cough up over Covid?
Small business

Will insurers cough up over Covid?

Hundreds of thousands of small businesses should hear in September whether their insurers are legally bound to pay out on business interruption polici…
3 Aug 2020
HMRC defers tax deadline for millions of self-employed people
Small business

HMRC defers tax deadline for millions of self-employed people

The coronavirus pandemic means the 31 July payment on account date has been postponed for six months.
31 Jul 2020
Bounce Back loans pass the one million mark
Small business

Bounce Back loans pass the one million mark

More than one million small and medium-sized enterprises have now taken out Bounce Back loans.
17 Jul 2020

Most Popular

Eagle Lightweight GT: the reincarnation of the E-type Jag
Toys and gadgets

Eagle Lightweight GT: the reincarnation of the E-type Jag

Jaguar’s classic E-type sports car has been reinvented for the modern age. The result – the Eagle Lightweight GT – is a thing of beauty.
7 Aug 2020
Platinum: the precious metal that looks set to play catch-up with silver and gold
Silver and other precious metals

Platinum: the precious metal that looks set to play catch-up with silver and gold

Gold and silver continue to soar, but there's still time to get in. And there's another precious metal that looks set to go on a bull run too, says Jo…
7 Aug 2020
Don’t despair on dividends – these companies could be set to bring them back
Income investing

Don’t despair on dividends – these companies could be set to bring them back

The value of dividends paid out by UK stocks has plummeted this year as companies “rebase” their payment policies. But things could soon start to look…
6 Aug 2020