What Small Business Owners Need to Know About GDPR Compliance
GDPR is one of the largest and most far-reaching global data privacy laws. It applies to all companies handling the consumer data of citizens within the European Union (EU), no matter the size, industry or country of origin of the business.
If you haven’t done something already, you’re late! GDPR took effect on May 25th and protects all kinds of personal data, including names, addresses, ID numbers, web data, health data, biometric data and racial or ethnic data. It affects just about any company that stores, or even processes, personal information about EU citizens. So even if your business is not physically in the EU, if you handle customer data of citizens who reside in the EU, you are subject to GDPR.
Bret Piatt, CEO of Jungle Disk, a cybersecurity company for Main Street, wrote this checklist to help small businesses work through the process of reaching GDPR compliance. If you’re a small business owner, YOU NEED TO READ THIS.
The world’s strongest data regulation law centers on two main principles: companies need your consent to collect your data, and you should only be required to share the data that is necessary to make their services work.
As a business, large or small, these are the 5 things you need to do to be GDPR compliant:
1. Understand the types of personal data your business is handling.
2. Review and update your security measures and policies and make them GDPR-compliant.
3. Prepare for data access requests and fair processing notices.
4. Make your consent process clear, specific and transparent.
5. Appoint someone within the company who is responsible for data protection, or use a virtual DPO or an outsourced contractor.
Don’t get slapped with a huge fine because you weren’t prepared or thought these regulations didn’t apply to your business. Even if noncompliance is accidental, your company could face fines of up to 20 million euros or 4% of annual revenue, whichever is higher. Do your homework and consult with a legal team if necessary.