If the answer is YES to any one of the below then email or call us for free advice.
Still unsure then call us anyway and if necessary we can then arrange for a chat and free consultation.
• Does the data you hold include basic identity information; name, address, ID numbers, social media details, medical information, biometric, racial, ethnic or financial data?
• Do you use personal data for communications and/or marketing?
• Are you a B2C provider?
Ensure that you comply and future proof your business.
The GDPR is a new set of rules that define how a company collects, stores and shares Data to and from EU Citizens. It is designed to ensure Companies take reasonable steps to protect Data or risk severe penalties - up to 4% of turnover.
All EU laws are being drafted into the UK's statute books before we leave, so any EU laws will become UK laws once we leave. Even if the UK change GDPR afterwards we will still need something very similar in place to ensure UK companies meet a minimum level of security.
Now the GDPR is operational there is nowhere to hide should you suffer a Data breach. By law all Data breaches must be reported to the certifying authority (The Information Commissioners Office). Companies found to be non compliant can be punished via fines or worse.
If you store no Data then nothing. However if you maintain any kind of Data storage then GDPR is designed to ensure you've taken at least minimum steps to ensure the Data cannot be stolen or otherwise compromised. For any company that relies on stored Data then this isn't such a bad thing. Most companies that have recognised there is a real threat around internet based security will have most likely already reached some sort of level of compliance.
GDPR is designed to ensure your Data is protected and unusable to outside parties. In complying with GDPR you are protecting company assets and company IP, something that should be done anyway. In adopting GDPR additional systems and procedures may need to be put in place to ensure both yourself and your clients are adequatley protected.
This very much depends on the way you currently collect and store Data. A specific aim of GDPR is to protect clients' personal Data by pseudonymisation of any identifying Data fields. For example a clients name would be replaced with a unique number rendering the Data record less identifying. This process would be more applicable to large amounts of Data used for analytics though.
Think of it this way. The GDPR is like the UK speed limit. Everone needs to comply. However if your car is incapable of travelling above 30 mph then you can pretty much ignore the speed limit. If your car routinely drifts up to 40 or 50 mph then you need to be looking at the speedometer almost constantly. The GDPR is similar in that a lot of companies don't deal with personal or sensitive data. Those companies need to comply but they don't need to do a lot. Others, mostly ones that deal on a B2C basis should have appropriate guidelines, training and systems in place to show they are compliant.