Data is central to many businesses, providing insights which can lead to more personalised customer experiences through clever targeting. As such, the forthcoming changes to data protection are likely to considerably change the way companies handle their data – and small businesses are not off the hook.
For any organisation holding personal data, expectations to comply will be just as high, whether they’re a privately owned corporation or a sole trader. Whilst some small businesses may only handle small amounts of data, they have the most to lose when it comes to maintaining customer trust.
This is why we are calling on small business owners to seek information, understand the changes and act now to get a head start before the new rules come into play in May 2018.
It may seem a long way off, but it’s imperative that small businesses don’t delay their preparations. Securing support down the line will be more difficult and expensive as demand for professional compliance assistance increases.
This is why careful planning now is crucial as failure to adhere to the rules could result in fines of up to four per cent of businesses turnover. This is a high, but avoidable, price.
SMEs in particular should be mindful of the increased red tape that the new rules will bring. Here are some specific proposed changes which, in our opinion, are most likely to impact SMEs:
The requirement of a higher standard of consent when obtaining personal details.
Abolition of the right for businesses to charge a fee for subject access requests.
Banning of IP address tracking which allows businesses to learn how individual users behave on their website.
The GDPR may appear to be a strain on small businesses in the short-term, but it’s likely to bring much-needed definition and clarity to data practice for the future. In our opinion, this will be a positive step towards more responsible and customer-centric marketing, which is something CIM has always advocated.
Aside from financial penalties, businesses are at risk of losing customer trust if they fail to comply, which may be more detrimental in the long-term. Small businesses in particular should have open and honest relationships with their customers which, beyond the paperwork, the GDPR will look to enhance.
Here are some tips to help your business get up to speed with the new guidance:(1) Seek the right information – use available resources to understand the GDPR’s impact. The Information Commissioner’s Office has issued guidance for businesses, which can be found on the ICO website.
(2) Conduct an audit and set internal processes – review the personal data your organisation holds and how it is being used, and check that internal processes are in place for data to be captured correctly and deleted easily. Develop templates for things like response forms for subject access requests and assess response deadlines.
(3) Appoint GDPR champions – identify employees who can work alongside the senior management team to implement the new rules across the business.
(4) Raise awareness and set processes – start collating training materials and factsheets to educate employees on the new rules.
(5) Budget for additional resource – consider the action needed by your business and set budgets accordingly if external assistance is needed.
Steve Woolley is head of external affairs for the Chartered Institute of Marketing, and more information can be sourced from the GDPR.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
