You’ve probably heard a lot about the General Data Protection Regulation (GDPR) in recent months – and with good reason. This EU-led directive is set to totally transform the way in which companies conduct business, handing power to the people when it comes to personal information.
GDPR kicks into action on May 25th 2018, which means you have just over six months to prepare accordingly. No matter how small or large your company might be, compliance will be a legal obligation. Failure to comply can lead to huge fines – 4% of your revenue – enough to bring your business to its knees and taint your reputation.
Gaining an understanding of the ways in which GDPR will directly affect your business can ensure you’re ready for its arrival, and below is all the key information you need to be aware of:
First of all, you’ll need to make sure you are sourcing contacts and clients in a way that is compliant with new data laws. In the past, you could merrily conduct huge email marketing campaigns and fire off promotional messages to anyone on your contact list. Now, you need to encourage them to opt in; otherwise you risk breaking the law.
To obtain personal information from contacts, you must ensure they are happy to let you do so. Prospects must fill out a form agreeing their data can be passed over to you, and then confirm this in a second message. These agreement forms should be stored away safely as evidence in case you ever need them.
GDPR means you can’t keep hold of personal data from old clients and not tell anybody. If you want to store this information, you must make the individual aware that you have it on record – and then ask them if they are happy to let you continue using it.
Most businesses have accounts spanning back several years, including the details of clients and customers that no longer work with them. Under the new law, you’ll need to have a clear picture of what data you have on whom, and be selective with what information you hold on to.
“Data minimisation” is looked upon favourably, with the regulation recommending you keep the data you actually need, rather than simply storing personal information for the sake of it. Data discovery tools can help you map out your data to make this process easier.
When processing information, it’s important to make sure you have a legitimate interest in doing so. For example, you would be within your rights to pass a debtor’s details on to a debt collection agency, but not to a third party for marketing purposes.
Choosing secure cloud solutions is also paramount, especially when it comes to using accounting software that stores reams of data on your business, customers and suppliers. Reputable platforms like Xero and QuickBooks will give you peace of mind that you’ve followed best practices when using data for accounting purposes.
We’ve only scratched the surface of this complex regulation, but hopefully this gives you an insight into how GDPR will affect your business, and how you can stay on the right side of the new laws.
Visit the GDPR Portal for more information, and be sure to take advantage of a professional accountant like Nabarro Poole to ensure you’re compliant. Not long to go now…