As we enter the last 7 months of the countdown, more and more businesses are starting to worry about GDPR. At first, it was only the finance and IT industries that were wringing their hands, but soon business owners realised everyone would be affected by the new regulation. By now most business owners worth their salt have heard about the new GDPR. The savvy ones might have even started putting measures in place to get ready for it. But most of those are “big businesses”. You know, the ones who have infinite resources and entire departments dedicated to compliance and regulation. That leaves the smaller businesses somewhat flustered and unsure of what to do. But never fear, Little Acorn are here to provide some more general guidance on the issue of GDPR.
What Is GDPR?
But first, what is this big bad acronym that has business owners rushing around like ants? GDPR stands for General Data Protection Regulation, and it’s essentially the EU’s answer to the Data Protection Act. However, unlike previous EU directives (which countries can choose whether and how to implement), this is a regulation. This means it will apply to all EU countries in the same way. It also reaches outside of the EU to any organisation that handles EU citizen data, regardless of their location in the world. The regulation is already in place – we are partway through a transition period that allows businesses to get their house in order before the regulation comes into effect on the 25th of May 2018.
The aim of the regulation is to unify and standardise data protection policies, shoring up weak spots and creating a strong base for personal data protection. The regulation provides a single set of rules for all member states to follow (including mandatory security notifications, new rules around user consent, a clearer definition of what could be personal data and greater rights for people to access and request deletion of the information companies hold on them). A special council will be created to oversee sanctions and provide guidance.
The Brexit Question
I feel I need a small note here. Before you ask, yes, UK businesses will still have to comply even if Brexit goes ahead. Not only will we still be handling EU citizen data (and therefore still be subject to GDPR), but the government have also confirmed that they will be passing GDPR into UK law if we do leave. So, no matter what happens, you still need to prepare.
Areas of Your Business Affected by GDPR
The mistake a lot of businesses are making is assuming that GDPR will only really affect the IT department. And while it might be true that IT will certainly be hit hardest, that doesn’t mean the rest of the business is off the hook. In fact, there are 5 key areas of every business that will be impacted by GDPR:
Legal – One of the most important areas to be affected is the legal department (if you have one). There are many different changes that will need to be made to contracts, terms and conditions, and policy documents throughout the business to ensure the consent rules are being met. This also means that the legal department will have to review and possibly renegotiate contracts to meet this requirement.
Finance – GDPR will hugely influence the way accounting and financial processes function within your business. Huge amounts of confidential data pass through this department every day, so you need to be sure all your systems and policies are bulletproof. Because of the volume of data at risk, GDPR will impose heavy penalties on businesses that fail to guard their financial data adequately.
Sales & Marketing – Sales and marketing departments are the front line when it comes to dealing with customer data. They are usually responsible for the collection of data, so the consent rules need to be carefully followed. Sales and marketing need to make sure that their teams are only contacting customers who have opted in or given their direct consent to be contacted.
HR – GDPR will not only impact the way the business works, but it will also improve the rights of all employees, giving them increased safety, security and control over their personal data. Everyone in the HR department needs to be updating contracts, ensuring that everyone understands their new rights and implementing them.
IT – And of course, the IT department is the first line of defence for all this data. The IT department is the foundation for the GDPR framework, which is why IT departments are currently running around like mad trying to get the systems updated and everything ready.
At Little Acorn Marketing, we are working with businesses in the Thames Valley to help them get ready for GDPR. Sure, we might not be able to help with the in-depth technical IT issues, but we can help review and improve your sales and marketing policies. Whether you just need a few tweaks or to design a new strategy to stay compliant, we are here to help. For more information, just get in touch today.