25 Oct Data Protection / GDPR – Does it matter to small businesses?
The short answer is “yes”, it absolutely matters.
Not just because the Information Commissioner’s Office has the power to issue enforcement notices and penalties, but because it’s what we as individuals ourselves would expect of the companies that we entrust with our information.
One big reason that it’s important is because criminals can take advantage of a lack of knowledge of the rights of individuals to obtain information. They will simply submit a subject access request (SAR) to a company in the name of the person they wish to know about using a simple free email address which looks at first glance to be genuine (e.g. email@example.com). If that business knows their responsibilities then they will validate the requestor’s identify, establish that they are not who they say they are, and refuse the request.
That’s great in principle, but it’s been demonstrated recently that many small businesses simply aren’t aware that they can and should validate the source of the request, and have handed over a great deal of data when fraudulent requests have been made. This isn’t just damaging for the individuals whose data is disclosed, but to the organisations involved.
Small organisations don’t have the resources of large corporates, but still have to comply with the regulations, and it can be difficult to learn what you need to do at the same time as doing the things you do to keep the wheels of your business turning.
The good news is that it’s a logical process to be worked through. It can be speeded up with some guidance and support, although it’s possible to go through it using the information published by the regulator.
The essential steps for all small businesses are:
ï Data – What personal data do you process?
ï Lawful basis – What is your lawful basis for processing (you may have several)
ï Training – Make sure everyone is aware of their responsibilities
There is always more to it and every business is unique, but all will require these essential steps. You can do this all yourself, but if you would prefer to spend your valuable time doing what you do best then Alpha BI can help, including training on the things you need to know to maintain a high standard.
For more information www.alphabi.co.uk