Member Article
How can SMEs better prepare for GDPR?
The run-up to GDPR has begun. With just over six months to go, many SMEs are finding themselves unprepared and unaware of the changes which need to be made to be compliant with GDPR. Whilst some aspects are the same as those included in the 1998 Data Protection Act, there are a number of new restrictions to be aware of.
With this in mind, IT consultancy QuoStar has put together a checklist of five things that will help to improve SMEs’ readiness for this regulation.
1. Appoint a Data Protection Officer (DPO)
Someone within the business will need to hold the role of Data Protection Officer under GDPR, and will be responsible for the information held within the organisation. This doesn’t need to be a full-time role and can even be outsourced if required.
2. Know your data
A crucial part of GDPR is understanding the personal customer data on file, and how it is processed. Having previous consent from the customer does not necessarily mean that a business has consent for using that data differently, so renewing this consent may be needed. This particularly applies to data held about children, as parental/guardian consent is now required for this data to be processed.
3. Consider consent
On top of this, GDPR goes beyond current requirements when it comes to requesting consent to process personal data. SMEs should ensure that they are using simple language in their consent forms and are completely clear about how individuals’ data will be used. Any issues in this area will undoubtedly lead to repercussions from the regulator next year.
4. Prepare for a data breach
To this day, many SMEs still don’t have procedures in place for how they will respond to a security breach. A business must know exactly how it will deal with a breach, and what systems it has in place. Should a cyber-attack occur, SMEs will need to report it to the ICO within 72 hours, and could face a fine of up to 20 million Euros for falling victim to a cyber-attack.
5. Think tech
SMEs will likely already have systems in place to assist in performing compliance and risk checks, and automation will undoubtedly help with this under GDPR. Any third-party systems, such as finance and IT, should be consulted on how GDPR-related compliance can be automated as far as possible, to lessen the risk of something slipping through the net.
This was posted in Bdaily's Members' News section by QuoStar.