1
GDPR WHAT UK SMBs SHOULD KNOW The growth of the digital economy is at the centre of why the GDPR is being put into place. The Information Commissioner’s Office (ICO) confirmed that the UK will still implement GPDR despite Brexit. GDPR WILL BE ENFORCED: 25 MAY 2018 72 HOURS The amount of time you have to declare a data breach. GDPR is in place to enforce rules on how personal data is processed and protected. For non-compliance, you can face a fine of up to €20,000,000 or 4% of your annual turnover. IT, Senior Management and Marketing are the main departments that will be responsible for ensuring compliance. People have to provide consent for their personal data to be processed. Companies have to delete data if an individual revokes consent. Companies have to delete data that is no longer needed for its original purpose. The processing of data for children under 16 years of age requires parental consent. UK POPULATION 65 MILLION More than HALF OF THE UK still unware of GDPR Over 70% of UK adults said they’ve not been informed about the GDPR by their employer 44% of UK businesses are aware that they have suffered a data breach, 69% of which lost personal data as a result GDPR applies to all industries including: Academic Health Construction IT Entertainment GDPR applies to all countries worldwide that process UK or EU data. 80% of UK SMBs use security software, 20% have no defences at all. Becrypt’s Data Protection Suite can protect your organisation’s personal data on multiple devices, making the first step towards GDPR compliance easy and cost effective. Call Grey Matter on +44 (0) 1364 654100 or email [email protected] to find out more about GDPR and how Becrypt can help your organisation prevent data breaches. References • www.twobirds.com/en/news/articles/2016/global/what-should-smes-do-to-prepare-for-the-upcoming-gdpr • www.scmagazineuk.com/more-than-half-of-uk-businesses-still-not-fully-aware-of-eu-gdpr/article/633669/ • researchbriefings.files.parliament.uk/documents/SN06152/SN06152.pdf • www.computerweekly.com/news/450412202/EUs-General-Data-Protection-Regulation-unknown-to-most-UK-adults • www.worldometers.info/world-population/uk-population/ • www.information-age.com/2-5-uk-businesses-still-unaware-eus-new-data-law-despite-prospect-hefty-fines-123461295/ • www.assign-it.co.uk/gdpr-the-ico-announces-that-the-uk-is-going-ahead-with-the-reform-of-data-protection-rules-in-may-2018/ • www.itproportal.com/2016/07/12/it-security-why-small-businesses-suffer-most-when-hackers-attack/ • www.computerweekly.com/news/4500270456/EU-data-protection-rules-affect-everyone-say-legal-experts GDPR aims to minimise the collection of personal data as well as minimise the length of time a consumer’s data is kept for. SMBs with less than 250 employees will not necessarily have to maintain a record of data processes activities, unless the process causes a risk to rights or relates to crime. Sole trader or small business working from home? If you use data in relation to commercial activities, then you will still have to securely process or send data. RECORDS If your company processes a large amount of sensitive data you may have to hire a Data Protection Officer (DPO). If that doesn’t apply it is still worth nominating a staff member internally to help to focus implementation and drive responsibility. Building competences up internally over time will improve your overall strategy. SMBs are still urged to be more proactive and follow a risk-based approach to data protection and privacy. Start documenting your data processing practices in a basic way, such as a spreadsheet – define categories of data, the purpose of the data and who’s responsible for the data. 20% of UK IT decision makers are unaware of GDPR DATA BREACH ? 5.4 million SMBs in the UK The first step to begin GDPR compliance? Encryption – converting your data into code, preventing unauthorised access. DPO JOB GDPR IMPLEMENTATION What you need to know
