Businesses have just four months to ensure they are ready for GDPR rules, and small firms are no exception.
The introduction of the General Data Protection Regulation (GDPR) is fast approaching.
GDPR, which comes into force in the UK on 25 May 2018, introduces some new provisions, including enhanced accountability and new procedures for handling data breaches and subject access requests.
But most small firms thinking they will not be affected are in for a nasty surprise. As a starting point, any business that handles personal data needs to identify how it uses the data, where it is stored and whether it is actually needed. The rules affect controllers – those who determine why and how data is used – and processors, who usually act on their behalf.
Essentially, two main types of data come under the regulations: personal and sensitive personal data. GDPR refers to sensitive personal data as “special categories of personal data”. Personal data is any information relating to an identified person or someone who can be identified by reference to an identifier, such as names and locations. Special categories of personal data include genetic data, biometric data (where it’s used to uniquely identify an individual) and information about religious and political views, health or sexual orientation.
Rianda Markram, Head of Content and Training at LHS, FSB’s Legal Services provider, says businesses need to take action now: “Firstly, inform your staff of the existence of GDPR and that it’s likely to result in changes in how your organisation handles personal information,” she says. “Regularly review and update your internal procedures for handling personal data, create a plan to deal with subject access requests and implement a process for breach notifications.
“Secondly, review your existing processes for collecting, storing, deleting and securing personal data to identify where you need to enhance your processes.
“Thirdly, consider data protection at the start of any new project or where you are using new technologies to determine the risks it may pose and how that can be mitigated.”
FSB Business Essentials members can access FSB Legal Hub, the new online legal help and advice portal from FSB, which includes a dedicated section on the impact of GDPR.
Visit fsb.org.uk/benefits/advice/legal-information for more details.