Data is central to many businesses, providing insights which can lead to more personalised customer experiences through clever targeting. As such, the forthcoming changes to data protection are likely to considerably change the way companies handle their data – and small businesses are not off the hook.
For any organisation holding personal data, expectations to comply will be just as high, whether they’re a privately owned corporation or a sole trader. Whilst some small businesses may only handle small amounts of data, they have the most to lose when it comes to maintaining customer trust.
This is why we are calling on small business owners to seek information, understand the changes and act now to get a head start before the new rules come into play in May 2018.
It may seem a long way off, but it’s imperative that small businesses don’t delay their preparations. Securing support down the line will be more difficult and expensive as demand for professional compliance assistance increases.
This is why careful planning now is crucial as failure to adhere to the rules could result in fines of up to four per cent of businesses turnover. This is a high, but avoidable, price.
SMEs in particular should be mindful of the increased red tape that the new rules will bring. Here are some specific proposed changes which, in our opinion, are most likely to impact SMEs:
- The requirement of a higher standard of consent when obtaining personal details.
- Abolition of the right for businesses to charge a fee for subject access requests.
- Banning of IP address tracking which allows businesses to learn how individual users behave on their website.
The GDPR may appear to be a strain on small businesses in the short-term, but it’s likely to bring much-needed definition and clarity to data practice for the future. In our opinion, this will be a positive step towards more responsible and customer-centric marketing, which is something CIM has always advocated.
Aside from financial penalties, businesses are at risk of losing customer trust if they fail to comply, which may be more detrimental in the long-term. Small businesses in particular should have open and honest relationships with their customers which, beyond the paperwork, the GDPR will look to enhance.
Read more on data protection:
- A new data protection and privacy regime
- Keep on running: Protect your data and stay in business
- Companies that safeguard data privacy will reap rewards
Here are some tips to help your business get up to speed with the new guidance:
(1) Seek the right information – use available resources to understand the GDPR’s impact. The Information Commissioner’s Office has issued guidance for businesses, which can be found on the ICO website.
(2) Conduct an audit and set internal processes – review the personal data your organisation holds and how it is being used, and check that internal processes are in place for data to be captured correctly and deleted easily. Develop templates for things like response forms for subject access requests and assess response deadlines.
(3) Appoint GDPR champions – identify employees who can work alongside the senior management team to implement the new rules across the business.
(4) Raise awareness and set processes – start collating training materials and factsheets to educate employees on the new rules.
(5) Budget for additional resource – consider the action needed by your business and set budgets accordingly if external assistance is needed.
Steve Woolley is head of external affairs for the Chartered Institute of Marketing, and more information can be sourced from the GDPR.
Share this story