Are you ready for the GDPR?

The General Data Protection Regulation (GDPR) will soon become enforceable and although it will mean change for many businesses, it also brings opportunities.

Ultimately, data subjects are at the very heart of the GDPR. It is designed to put individuals first and encourages businesses to do the same by being open, honest and transparent about the personal data they collect, how it’s used and the reasons why.

The businesses that embrace the GDPR and overcome any initial challenges will be the ones that reap the rewards of customer loyalty and trust.

The challenges

Changes in technology

Under GDPR, organisations must be accountable for how they handle personal data. This means they need to know (amongst other things) exactly what personal data they process, where it’s kept and what purposes it’s used for. They’ll also need to be able to respond to any consumer requests to view, correct or, where appropriate, delete their personal data.

Being accountable also means that businesses must be able to demonstrate that they are taking the necessary steps to keep personal data secure at all stages in its lifecycle. In many cases, new and more sophisticated technology may be needed to remain compliant.

Additional resource

The risk exposure associated with GDPR means that organisations are likely to give greater priority to data security and to upholding the interests of individuals when it comes to their personal data.

Businesses will need resource to deal with new consumer queries and requests. They’ll need resource to conduct regular Data Protection Impact Assessments (DPIAs) and, in some cases, they’ll need to employ a Data Protection Officer (DPO) to manage and oversee their compliance with GDPR requirements.

Greater penalties

Under GDPR, the ICO will have the power to impose much higher penalties than it had under the Data Protection Act 1998 (the “Act”). In particular, under GDPR, the ICO could impose a fine of up to €20 million or 4% of annual turnover – whichever is greater. This is a stark contrast to the maximum fine of £500,000 which could be imposed under the Act.

The ICO could also:

  • Issue warnings
  • Conduct audits
  • Demand that you fix any non-compliance, and
  • Demand that you cease or suspend processing personal data.

The opportunities

Creating a truly customer-centric business

The new responsibilities which the GDPR brings may seem difficult, but it’s important to remember what lies at the core of these changes: the rights and interests of data subjects, your customers.

Organisations who embrace this and who truly put their customers at the heart of everything they do will find that the GDPR is more of an opportunity than a challenge.

Increased consumer trust

In many ways, the GDPR was a necessary development with the growing use of personal data requiring greater focus and regulation.

With regular stories of huge data breaches in the press, it’s hardly surprising that consumers can feel reluctant to hand their personal data over.

By doing the right thing, businesses have a real opportunity to earn their customers’ trust and in so doing, put themselves in a position where their customers are comfortable giving their personal data to them.

Improved transparency

Transparency is a key requirement of the GDPR. Businesses must let customers know when they are collecting personal data and what they’re using it for.

You might have expected this to appear as a challenge rather than an opportunity, and post-GDPR you may see your numbers go down as a result – however, you should see the quality of your audience go up. After all, it’s not always about the size of your audience, it’s about how engaged they are with your business.

Our BusinessView service is here to support you when it comes to keeping your data cleansed and up-to-date. If you’d like more information, then just give us a call on 0870 012 1111 and one of our team will be happy to help.

Please note that while we can support businesses with their preparations for the GDPR, we cannot offer legal counsel or compliance advice and this blog should not be considered as such.