Sales & Enquiries

01268 568500

Helpdesk & Support

01268 568650

10 reasons your business needs to take the GDPR seriously. We're all hearing about the General Data Protection Regulation (GDPR) right now. Most of us should know roughly what it's all about by this point, but why is it so important that business owners sit up and take note?

10 Reasons Your Business Needs to Take the GDPR Seriously

The General Data Protection Regulation is Coming May 2018 - Are You Taking Note?

We’re all hearing about the General Data Protection Regulation (GDPR) right now, especially those who own, manage or operate a business. Most of us should know roughly what it’s all about by this point, but why is it so important that business owners sit up and take note? Here are 10 reasons your business needs to take the GDPR seriously.

1. The GDPR is Coming Up Soon

Very soon in fact. The GDPR will come into full effect in May 2018, so it’s certainly crept up on us. So if you’ve been resting on your laurels thinking you don’t have to worry about it for ages then bear this in mind, because the time is now.

2. The Protection and Security of the Data You Hold is Paramount

Confidential or sensitive data poses a significant risk if misplaced, stolen or abused. The protection and security of your data subjects and the information you hold on them is really what this is all about, and this means that they come first every time. The GDPR is first and foremost in the best interests of the people – not the business.

Data subjects can include customers, suppliers, service providers, staff, associates – anybody that you or business holds data on.

3. The Penalties Can Be Severe

The worst offenders could face fines of up to €20 Million, (£17.6M), or 4% of the organisation’s global turnover – whichever is greater.

4. It Applies To Everybody

All organisations that store and process data for the purposes of providing goods or services to subjects in the EU will be required by law to comply with the GDPR – even if the organisation holding the data isn’t located in the EU.

5. Your Customers Have the Right to Consent

Before you collect and begin to use a subject’s data, they will need to have provided your organisation with explicit and clear consent, expressed a legitimate interest, or will have agreed as part of a wider contract. Either way, they must under no illusions as to what they’re agreeing to; this means no more obscure opt-in strategies or tricky tactics to hook people in.

Similarly, it must be equally easy for subjects to withdraw their consent at any time, with no legalese or confusing jargon getting in the way.

6. Your Data Subjects Have a Right to Their Information

At any time, your data subjects can request confirmation that their data is being held and used by your company. Also at the subject’s request, your organisation’s appointed data controller will be required to provide an electronic copy of all data held on them, free of charge.

7. Your Data Subjects Have a Right to be Forgotten

As long as there is no other lawful reason for holding onto it, if a subject’s data is no longer relevant or being used for its original purpose they can request that all data held is erased entirely from your systems and logs, and any outstanding or ongoing processes halted immediately.

8. You May Need to Change Some Core Operational Processes

Data protection and privacy needs to be built into your systems, strategies and infrastructure from the very start, so it may be necessary to go back and rethink some things at the ground level. Any new operations will of course also need to factor in data protection and privacy policies in accordance with the new laws.

9. You May Need to Appoint a Qualified Data Protection Officer

If you’re operating a public authority organisation, or are a large company with more than 250 employees, you may need to appoint a professionally qualified Data Protection Officer to oversee all data protection strategies, and ensure everything is remaining compliant. You should check the criteria on the ICO website to see if this applies to you or your business.

10. It Will Inspire Trust and Confidence

So far we’ve seen that the main focus of the GDPR is the data subject – it really is all about them. In fact, you should be protecting their data for their sake, not simply to avoid a fine.

However, there are some benefits for your business to enjoy as well – mostly in the areas of trust and confidence. If your data subjects feel confident that you’re handling and protecting their data professionally and adequately then this will help to improve your company’s reputation and public image. This can then lead to better relationships with new and existing customers, bodies and organisations which in turn lends to a higher potential for not only repeat business, but new business as well.