Learn how small businesses overseas can comply with the GDPR, including right to access their data, correct inaccurate data, and access to data portability.
As a small business owner overseas, getting ready to comply with the General Data Protection Regulation (GDPR) may not be at the top of the to-do list. Small business owners may think that the GDPR only applies to large, global companies that have business on the other side of the world, not for companies with fewer than 200 employees.
Having said that, GDPR is one of the largest and most far reaching global data privacy laws, and all businesses, no matter large or small need to be GDPR compliant with processes and documents in place. This new data protection law goes into force May 25, 2018 and will apply to all companies handling the consumer data of citizens within the European Union(EU), no matter the size, industry or country of origin of the business.
What should small businesses know about the GDPR, and why does it matter? The EU member states proposed the GDPR in 2012 to create consistent data privacy laws. The GDPR provisions specify that:
- Anyone involved in processing EU consumer data, including third-party entities involved in data processing, can be found liable for a breach.
- When an individual no longer wants a company to process their data, the data must be deleted.
- For companies collecting customer data or processing sensitive data on a large scale, they must appoint a data protection officer.
- Companies and organizations must notify national authorities of serious data breaches within 72 hours of detecting a breach.
- For children under a certain age using social media, parental consent is required.
- Individuals have a right to data portability to enable them to transfer their data easily between services.
There are implications of these compliance requirements for smaller businesses point to the need for a GDPR-readiness strategy. So are you ready for GDPR? Here are a few ways to prepare:
- Understand the types of personal data your business is handling before making any decisions.
- Second, develop a consent policy to process personal data and acquire consent from customers.
- Third, review and update your security measures and policies and make them GDPR compliant. This means being ready for data portability.
- Fourth, prepare for data access requests and fair processing notices. The GDPR stipulates customers have the right to access their data, correct inaccurate data, object to their data being processed, or even completely erase their data that you hold. Such requests must be processed and completed within the required time frame.
- Fifth, make your consent process clear, specific and transparent.
But why does this all matter? Well, the GDPR noncompliance can trigger steep fines, as much as up to 20 million Euros(which is about 24.2 Million U.S. dollars) or 4 percent of a company’s annual revenue, whichever is higher, even if noncompliance is accidental.
For small companies with pressing priorities, GDPR may not be the top objective. But no one likes having their data lost, stolen, damaged, misused or shared without proper consent. Doing everything you can to protect your customers and grow their trust could be a unique selling point, one that can be used to add value to your business.
Read the complete article here.
If you are a small business, and you need help as to how to comply with the GDPR, send us a message or read more about Connectid Business.