GDPR is looming – is your business ready?
It is reported that many small businesses are still either unaware of or unready for the new data protection regime, GDPR, that comes into force in May this year.
Businesses will have to ensure that any information they keep on their customers is stored securely, and this applies to both online and paper-based records.
They must also be able to remove any personal information if the customer requests it.
If any services are outsourced to another provider, they too must be GDPR compliant, and both will need to appoint a data operations manager to be responsible for security and compliance.
The new regulations will apply to even the smallest businesses if they keep customer records, and there is plenty of advice on what they need to do on the ICO (Information Commissioner's Office) website. This is the best source of information, as the ICO will be regulating compliance and has the power to issue fines for non-compliance.
Two particularly helpful guides are the "12 steps to take now" downloadable PDF and the checklists on the website, one for data controllers and the other for data processors.
At Colchester IT, we can assure our customers that we have already put systems in place to ensure everything is secure.
All websites are stored on third-party software to ensure security, and all data is now held on a separate server that is neither accessible to outsiders nor wifi enabled. Everything is also password protected.
In any event, we only hold on to data for a maximum of 30 days.
We have also taken steps to ensure that any third-party suppliers we use are GDPR compliant and, of course, we ask for permission before we send customers any e-newsletters and updates.
We also ensure paper-based records are regularly shredded.