Next year, UK businesses will undergo huge changes as the GDPR comes into effect. From May 2018 the General Data Protection Regulation will come into force, aiming to put data security at the top of every company’s priority list. The new law includes fines for companies that are careless about protecting data against hackers – if a business’s data is breached, it will need to prove it has been compliant with the GDPR or face fines of up to 4% of company turnover.
GDPR is set to affect all businesses and organisations, including public authorities and SMEs. Moreover, it will also have a huge impact on business services such as IT support and data centre providers. Many small and medium businesses rely on the business service industry to keep going, and it will be essential for everybody in the chain to be compliant.
The business service industry makes up a large part of the economy; everything from web design to office cleaning support is classed as a business service. Essentially, if an organisation is working hard to comply with GDPR, it will also have to carry out thorough checks on the companies it works with to ensure they are GDPR compliant too.
Here are some important points to consider:
You are likely to share certain data with your service providers, or give them access to it – they often require data access to do their job. For example, an IT support company will likely have access to business and personal data, and a PR or marketing agency may also require certain data to contact your customer database. However, other services such as cleaners, designers and copywriters probably don’t need access to any data. Establish who needs what data and why, and don’t hand it over lightly – make sure that individuals have given consent for their data to be shared and that any business service provider handles it responsibly.
If you work with any service providers based outside of the UK – which many companies do thanks to modern technology – you should ensure they are aware of the GDPR. They may not have to follow similar rules in their country, but it is imperative that they understand the importance of the data protection rules. Additionally, if you conduct business in more than one EU member state then you also need to identify your supervisory authority for data protection in each country.
If you need more information and guidance in relation to GDPR, visit the ICO website.