
What Will GDPR Mean for Your Business?

By Katie Bullon
Friday, March 16, 2018


If your business holds ANY personal information about EU citizens then your business will be affected by GDPR.

From the 28th May 2018 the current laws on data collection and storage (including email addresses) will change and the General Data Protection Regulation (GDPR) will come into effect. You are required to take responsibility and ensure your business is compliant with the regulations.

Many of our clients have expressed concerns and have reported feeling confused and overwhelmed, so in this post we aim to make the law much clearer and explain the steps you need to take before May.

The facts you need to know

The personal data that the GDPR refers to is information that is private, professional or even public. This could be simply the names of your customers but also extends to photographs, social media posts, addresses, email accounts, IP addresses, medical information and bank details. The only significant data that is not your responsibility is information from law enforcement agencies or national security.

This law will impact any business serving EU citizens, so even companies outside of the EU will still have to comply if they have clients or prospects in Europe. Also note that the size of a business is irrelevant: big corporations and small businesses all have to meet the same standards.

The GDPR states that any information you store must be stored safely; all information must be protected. Consider using pseudonymization, encryption or tokenization as methods to ensure you are compliant, and make sure that if you back data up, the backups are also protected. The people whose data you store should know what information you have, how you are storing it and how you are using it.

It is also important to check that any third parties who store data for you (for example automated email platforms) are following the regulations; don’t assume anything. If an individual gave your business their data then it is solely your responsibility to ensure it is safe, not the third party.

There is also an obligation to consider how the data was collected in the first place. You need to check that the data you currently have was given with explicit consent. Any information that was taken without this knowledge must also be deleted.

If your company is large you are expected to employ data protection officers. Any data breach must be handled lawfully, and the supervisory authority for your area AND the individuals whose data was compromised must be informed.

If a business does not comply there is a potential fine of €10,000,000 or 2% of their annual turnover. Allowances have been made for very serious incidents, though, with a fine of up to €20,000,000 or 4% of turnover allowed.

What to do now

The first step to take is an audit using the GDPR legal framework as a guide. The results of this will give you a clear path forward by highlighting the areas of GDPR you are not currently compliant in. The ICO website is a really helpful starting point.

Once you have completed the audit and amended any issues, GDPR wants to see a change in daily practice: all businesses should have systems in place so that they follow ‘data protection by design and by default.’

If this still seems overwhelming, remember that there are millions of businesses having to navigate their way through this legal framework right now as well; seek support, reach out to your network or seek professional guidance.

Don’t fret!

These guidelines are being put in place to make all personal data more secure to protect us all as individuals. It will also mean better business and marketing practice in the long run. So, don’t fret!

How can Bull help?

As a business we are working towards internal business compliance and we are also on hand to assist clients in making their website and marketing processes GDPR compliant.

We will be in touch with website clients in due course with regard to system updates which must be put into place if you want to ensure you are GDPR compliant. If you want to discuss this in more detail though, please contact us!
