The new EU General Data Protection Regulation (GDPR) is imminent. From May 25th, 2018, companies and other organisations will be required to abide by it – so you do not have long to prepare and take action to ensure that you are fully compliant.
The thrust of the new legislation is to give individuals more protection over their personal data. Where your trade is Business-to-Consumer (B2C) it is essential that you take action. Business-to-Business (B2B) operations are less affected, but you still need to review the data you hold on individuals within customer firms, because a named contact's details are personal data too.
If you fall foul of GDPR you could be subject to an official investigation by the supervisory authority, and this could result in your company:
• Gaining a bad reputation
• Paying a substantial fine
• Being ordered to limit or stop processing personal data, temporarily or permanently
Therefore, be proactive and review whether your existing procedures are fit for purpose in the new situation.
What to Do
- A key aspect is that individuals will have to be seen to consent or ‘opt in’ to receiving communications from you, especially marketing emails and cookie-related web tracking of visitors to your site. Consent must be freely given, specific, informed and unambiguous: a pre-ticked box or silence does not count, and it must be as easy to withdraw consent as it was to give it. This need not mean the end of these very effective forms of marketing: there are forms of words that will comply in future, but it will involve changing your procedures to ensure compliance. You also need to record each individual consent (who, when, what they were told and how they agreed) so that you can demonstrate it if you are ever challenged.
- Any well-run firm will have Customer Relationship Management (CRM) software recording data, which may well include personal information. Review who records this data, who can access it, how long it is kept and how it is protected, to make sure none of this breaches the new regulations.
- If the worst happens and there is a personal data breach, you need a GDPR-compliant written policy for dealing with it – but not one that gathers dust in a drawer. Bear in mind that a breach likely to put individuals at risk must be reported to the supervisory authority within 72 hours of your becoming aware of it, so the policy must be communicated to all staff who handle personal data, not just customer-facing staff, and they must know who to tell and how quickly.
- Some companies will have to appoint a data protection officer, in particular those whose core activities involve large-scale regular monitoring of individuals or large-scale processing of sensitive data; others may choose to do so anyway. Ordinarily this will not be a full-time post and can be added to the responsibilities of an existing person, provided that person has no conflict of interest. Who will it be? They will need to be trained.
This can all seem a bit much to handle in addition to your daily tasks, but we at Odiri Tax Consultants stand ready to review your situation and assist with making the changes that are needed to ensure you stay on the right side of GDPR.