GDPR Requirements: What Your Small Business Needs to Know

GDPR is one of the most important and extensive data privacy laws in the world. Its requirements apply to all companies that process consumer data of European Union (EU) citizens, regardless of size, industry or country of origin. If you have noticed privacy policy changes from other companies, such as Microsoft or Facebook, flooding your inbox, it's because of the GDPR. Now that the regulation has the force of law, companies face heavy fines for non-compliance. “Its primary goals are to empower citizens to restore personal control over their data [and] to simplify regulation for businesses,” said Peter Milla, chief data officer at Cent.

“This applies to all Member States.” The regulation has caught many companies off guard. According to an ESG survey, only 11% of 700 organizations were fully ready at the start of 2018, and only 33% said their incident response plans meet GDPR requirements, though that number could be even lower. Potential fines for non-compliance or a privacy breach depend on whichever is greater: $20 million or up to 4% of a business, depending on factors such as business size and whether the regulatory body believes the company has made a good faith effort to protect its data. Here's what you need to know about GDPR requirements and how you can prepare for your U.

What is the GDPR?

GDPR was first proposed in 2012 as a way to create consistent data privacy laws across EU member states. The legislation replaced the Data Protection Directive of 1995, which was a series of recommendations to guide EU countries in creating their own data privacy laws. The final GDPR text, approved in 2015, includes the following GDPR requirements, as reported by TechCrunch:

Anyone involved in the processing of EU consumer data, including third parties involved in data processing to provide a particular service, can be held responsible for an infringement.

When a subject no longer wishes their data to be processed by a company, the data must be deleted, “provided that there are no legitimate reasons to keep them.”

Businesses must appoint a data protection officer if they process sensitive data on a large scale or collect information on many consumers (small and medium-sized businesses are exempt if data processing is not their main activity).

Businesses and organizations should notify the relevant national supervisory authority of serious data breaches as soon as possible.

Parental consent is required for minors below a certain age to use social media (a specific age within a range of 13 to 16 will be determined by each country).

There will be a single supervisory authority for data protection complaints, aimed at simplifying compliance for businesses.

Individuals have the right to data portability, enabling them to transfer their personal data between services more easily.

How will GDPR affect small businesses?

At first glance, it may seem that the GDPR only applies to large global companies that do a lot of business overseas.

But this is a misconception that could hurt many small businesses, Milla said. Regardless of the size of your business, if you collect personal data about EU citizens, from email addresses to medical records, you are legally required to comply with GDPR regulations. “[...] impacted by the change and will need to understand their responsibility to comply with regulations,” said Daren Glenister, Intralinks' field technology manager.

“[Businesses] will need to put in place procedures and systems to ensure that [EU] citizens' data resides in the country of registration and will need to validate how personal data is collected, stored, processed and shared.” Most companies are far from that point: “Only 25% of customer data meets GDPR requirements,” Milla said. Records that businesses deem harmless will also be considered protected data if they can be used to identify a consumer. “[...] Name and zip code and condition, in a small rural area - that's information you can use to identify someone,” he added.

Brexit and GDPR

Britain is preparing to leave the European Union in 2019, and many companies assume that UK data protection laws will be less stringent than those in Europe. That's not necessarily the case, Milla said. “[...] GDPR because they have to be GDPR compliant before Brexit actually takes place,” Milla warned. Indeed, the monitoring of data protection practices in the UK may be more stringent than in other countries because, Milla said, they are already committed to greater security; however, the regulations in place in the UK could be a useful way
