You’ve probably heard the term GDPR recently – usually alongside a whole heap of doom and gloom about how it will restrict small businesses. Don’t panic – it’s not as bad as many like to make out (usually those with expensive workshops to sell…). Here’s my take on GDPR and how it impacts those of us with micro businesses.
What it is
GDPR stands for General Data Protection Regulation and applies from 25 May 2018. It’s an EU-wide replacement for the old Data Protection Directive, which the UK implemented as the Data Protection Act 1998 – so if you are currently subject to the Data Protection Act then GDPR will certainly affect you.
GDPR requires businesses to be much more aware of the personal data they collect, how it’s handled and how long it’s kept, and to be able to show they have a lawful basis for using that data. Consent is one lawful basis, but not the only one – a contract with the customer or a legitimate interest can also apply, and you need to be able to say which one you are relying on.
Do small businesses need to comply?
Businesses with fewer than 250 employees are exempt from some parts of GDPR – mainly the formal requirement to keep a written record of processing activities – but that doesn’t mean you are completely off the hook. The exemption falls away if your processing is regular rather than occasional, could put people at risk, or involves sensitive data such as health information, so in practice most businesses of any size that process personal data will need to keep some record of what they hold and why. And it’s vital to have good processes in place to ensure data is kept secure.
What about Brexit?
You won’t be able to use Brexit as an excuse. For one thing the legislation comes in before the UK officially leaves the EU. And it’s highly likely that the UK will incorporate GDPR into “mirror” legislation – basically taking the EU law and turning it into an equivalent UK law which takes over when we leave.
How will it affect you?
It’s going to be different for each business.
For micro businesses that send out the occasional marketing email, there’s very little to worry about – but make sure you know where those email addresses are saved, including spreadsheets, exports and backups sitting on a laptop. If you have employees then your staff records will come under GDPR too.
Regulations like this tend to be terribly vague – it’s hard to find hard answers to a particular question like “Can I still use Mailchimp?”. (You can, but a service that holds personal data on your behalf is a “processor” under GDPR, so check that its terms include the data-processing commitments the regulation requires.) Compliance is all about having processes, documenting them and being able to justify them.
Take the opportunity to review what data you hold and how you use it.
One thing’s for sure – the ICO (Information Commissioner’s Office) will have far more important things to worry about than a small business that isn’t quite 100% on the ball.
Despite the headline penalties (fines of up to 20 million Euros, or 4% of annual worldwide turnover if that is higher), it’s unlikely that they will come after you for adding someone to your Mailchimp list without permission in triplicate!
But that’s not an excuse to ignore it – make sure you are informed and get your business properly compliant before 25 May 2018.
Where can I find out more?
For full details on GDPR check out the ICO website.
The Federation of Small Businesses also has some useful guides (some content is for members only).