European data protection laws are changing, and the new laws come into
force on 25 May 2018. These new laws will affect all businesses in the UK, and the
current Data Protection Act (DPA) will be updated to reflect the GDPR.
The GDPR is a framework with greater scope, much tougher
punishments and judicial remedy for those who fail to comply with new rules
around the storage and handling of personal data, be it in physical or
Why are these new laws being introduced?
Since the DPA was introduced in 1998, technology and the
internet have developed at such a rapid rate that these rules are now deemed to
be ineffective. Nowadays, the ease and sophistication of data collection means
that thousands of SMEs not only collect personal details, but store, move and
access them online. Personal data is used in everything from sales to customer
relationship management to marketing. Cybercriminals are now much more common.
In 2016, companies in the UK lost more than £1 billion to cybercrime. Major data
breaches have given criminals access to names, birthdates and addresses and
even social security and pension information.
A recent report from the Federation of Small Businesses
(FSB) claims that SMEs are now more likely to be targeted by cybercriminals
than their large corporate counterparts and cybercriminals consider SMEs softer
The GDPR is considered a necessity for the protection of
data in a modern internet-based society.
It is also a chance to take a fresh look at your data
security, as data breaches may affect your business reputation.
What does the GDPR mean for SMEs?
Businesses must keep a detailed record of how and when an
individual gives consent to store and use their personal data. Consent must be a
positive agreement and cannot be inferred from a pre-ticked box. Customers or
individuals have the right to withdraw consent. Details must be permanently
This means businesses should review their existing data and
delete any that they do not have a valid reason to hold. The GDPR sets out
the legal bases available for processing personal data, such as needing it to
perform a business contract. Businesses should review what data they hold,
whether they have consent for it and whether they need to keep it.
Data should be kept secure and this will require a review
of current practices to prevent data breaches.
Personal data is a key tool for SMEs looking to target and
retain customers: GDPR means it must be handled with the utmost care.
You should start planning for the GDPR now and consider an
information audit and, for many businesses, a change in culture.
How can we help?
We have produced a checklist of actions you should
undertake before 25 May 2018 to ensure you have a policy for compliance,
you have the correct permissions and data is stored as securely as
possible. For a copy of this checklist please contact us.