Every company processes personal data. Whether you’re creating a mailing list or a membership card, this is data that will be subject to the General Data Protection Regulation. But what exactly is the GDPR? Will it change the way you do business? Which measures do you need to take? In this article, we’ll concisely and comprehensively explain what the GDPR means and how it affects small businesses.
What is the GDPR?
Data and privacy legislation hasn’t changed much in the last 20 years. At the moment, companies comply with the Data Protection Directive, a European law on privacy and data protection dating back to 1995. That’s odd, because the world has gone through major digital transformations since then, such as the rise of the cloud and social media. In a world where data exchange has increased exponentially, how can you ensure the security of personal data?
The Data Protection Directive also depends strongly on national law, which results in different interpretations and applications of the directive in European countries.
When the GDPR enters into force on 25 May 2018, every business located in the EU, and every business processing personal data from EU data subjects, will have to comply. The whole point of the GDPR is to ensure companies are better protected and that security breaches are dealt with. EU companies will have to comply with the same privacy rules across the board. This could make your expansion to other European countries easier, although you should keep in mind that individual countries are still allowed to apply GDPR principles more strictly.
What does the GDPR mean for small businesses?
First of all, it’s important to understand which personal data your company stores or processes. An SME controls all kinds of personal data: about your staff, customers and suppliers, and in your day-to-day communication.
Examples of processing personal data:
- Asking for personal details when someone places an order on your website
- Retaining information about your co-workers or suppliers
- Letting people subscribe to your newsletter on your website
Whether your business is big or small, you need to know how your company stores and processes data today, and handle that data in a safe and legal way. Every business processes data: whether you host, consult, archive or even delete data, your business will have to comply with the GDPR.
When is it okay to collect personal data?
Data may only be processed if it meets one of these six legal grounds:
The GDPR is something that can be used to your advantage, adding value to your business. By proving to potential and existing customers that your organisation complies with the new laws protecting the rights of citizens (and your customers) in the EU, you can bring in more business. More importantly, you’ll make sure your business is ready for the future and in accordance with the law.