Some big changes are coming on the 28th May, and they're called GDPR.
Now you may be thinking “What on earth is that?” and “That doesn't affect me”, but if you collect data in any way from your customers, you need to know what this is and how it will affect your business.
Before we start, I am going to say that I am by no means a GDPR expert. I have been reading about it for the last two years, in my old job and since launching DBB, and there is a lot of information out there about it. So my posts will be a culmination of what I have read and understood, but it is developing all the time as it gets closer to coming into force, so if you are unsure in any way about GDPR and how to be compliant, please do contact the ICO directly for guidance.
Now, in the first of a series of blog posts, I am going to be talking about what it is. Maybe grab a tea, some biscuits and a notebook, because this is going to be heavy.
What is GDPR?
GDPR stands for General Data Protection Regulation, and it's the result of four years' work by the EU to bring data protection legislation into line with the new ways that data is now used.
Think about it: when the Data Protection laws were created in 1998, we collected and used data very differently from how we do now. The revolution of the internet alone has changed how we interact massively, and now we need to look at this and get in line with the times. So the EU have been working to do just that.
What does it actually mean though?
It means A LOT and brings a whole new world of things for you to know as a business owner. Let’s take a look.
GDPR will apply to what it calls “controllers” and “processors” of data. For example, if as a business you have a sign-up form on your website and you are collecting data from other people, whether it's their name, email address, interests etc., you are a controller. A processor is someone doing the actual data processing, which in a small business will also be you; and if you are using a system like Mailchimp to send your emails, that system can also be classed as a processor. Both roles are required to follow the legislation, and you will be held accountable for any breaches.
Breaches mean fines, and they can be BIG. The ICO can currently fine up to £500,000, but GDPR will allow fines of up to £20 million or four percent of your annual turnover, whichever is higher.
Okay, you're probably thinking “Yikes” right now, but please don't worry: there are plenty of steps you can take to be compliant with GDPR, and if in any doubt at any time, there is a whole host of resources online from the ICO, along with their support.
So what do I mean by “data”?
GDPR applies to “personal data”, which covers all of the examples I gave above. If you collect any information that relates to an individual and can be used to directly or indirectly identify them, this is personal data. Think of your customers and what data you collect from them when they make a purchase or sign up to receive your newsletter.
Here's a short list of just some of the data that counts.
– Date of Birth
– Their IP address – this is the number used to identify your computer when you access the internet.
Also think about the suppliers you use in your business and the data you hold on them.
I know this can seem very overwhelming and somewhat scary, but every business in the world is in the same boat, so take comfort that everyone will need to be compliant; you are not alone.
Join me for the next post on Wednesday, where I will be covering how you can prepare for GDPR.