GDPR compliance for SMEs: Key areas to consider

One crucial area of legislation for any SME dealing with customers in the EU now is GDPR. This law came into effect on May 2018 which means businesses have now had a while to ensure ongoing compliance with it. With heavy fines imposed on any company that is found to be in breach of GDPR laws, it is certainly something that your business should pay close attention to. As businesses are now held responsible for keeping the sensitive personal information they may hold safe, you must ensure you do all you can to stay within GDPR rules. 

But what are the major things to think about here? 

Online security 

Top of the list for all businesses now is protecting themselves from online data breaches. This means that the cybersecurity measures your organisation has in place are key. If they are not robust enough and hackers breach your defences to steal sensitive data, you could well be held responsible. This makes investing in your cybersecurity arrangements essential so you have the required protection in place. It is also worth investing in training for staff around GDPR and online security. If they were to fall prey to an online scam which sees them hand over personal data to a hacker, this could also see your business held liable if you had not done enough to educate staff. 

Consent for data to be collected and stored 

Cybersecurity is one part of the GDPR regulations but what about the right your business has to collect and store data initially? This notion of consent is a huge factor within GDPR and something you must be able to show you have. Before any data is collected now, it is key to let people know what for and get their explicit consent to do so. The old days of gathering data to store without asking first or making people aware of why are long gone! 

The right of erasure 

Another major part of these laws is the right individuals have for their personal data to be removed from your systems or databases. This right to be forgotten is now open to EU citizens and must be actioned quickly by your company when they request it. This makes it essential to know where your data is stored so it can be accessed and deleted within the given timeframe. 

Data protection obligations got you in a muddle? Get on top of them quickly and easily with the CyberSmart Privacy Toolbox.

CyberSmart Privacy Toolbox