Are you ready for the GDPR

The new European personal data regulations come into force this year which means SMEs need to start preparing now. In May the Data Protection Act (DPA) will be replaced by the EU’s General Data Protection Regulations (GPDR). The framework has a greater scope and much tougher punishments for those who fail to comply with new rules around the storage and handling of personal data. With all this happening and the UK uncoupling from the EU it means that it will likely be converted into British law.

Among many new conditions, one of the biggest changes SMEs will face concerns consent. Under new regulations, companies must keep a thorough record of how and when an individual gives consent to store and use their personal data. It can no longer be inferred from such things as pre-ticked box. Companies will have to show a clear auditable trail of consent. Consent can also be withdrawn easier and quicker, when this happens data needs to be removed from the system not just removed from a mailing list.

Preparing for this will require a full information audit and, for many companies a change in culture. SMEs should start to plan and implement well in advance of the deadline. Personal data is a key tool for SMEs looking to target and retain customers: GDPR means it must be handled with the utmost care. Over the next few months more details will emerge, but for now, it’s certainly worth making a start on understanding the personal data you hold, be that on employees, your customers even suppliers and where it is kept and who can access it.