Many small businesses (and probably many large businesses) are burying their heads in the sand and hoping GDPR will just go away. The 25th May 2018 came and went and it has all gone quiet. Hasn’t it? It might be time to think again …
“I’m too busy running my business”
When you are busy with the day-to-day running of your business, it’s understandable that GDPR compliance gets pushed to the back burner. Besides, when those around you aren’t complying, why should you waste time and resources on doing the right thing?
We think it’s worth taking five minutes to think about what you want your business to be known for. Which side of the fence do you want to be on when push comes to shove? The one where the personal data held on customers, employees and other contacts is valued and protected and where laws designed to protect people are respected and observed? Or the one where corners are cut, personal rights are disregarded and laws are broken?
What your competitors and fellow businesses do is up to them but we think it’s worth investing a bit of time and money to make sure you are on the right side of the fence.
“I'll pay attention when businesses start getting prosecuted by the ICO”
We often hear this line from small businesses, who are then surprised to hear that the ICO is already taking action against a wide range of organisations for personal data breaches. Whilst we continue to believe that, post 25th May, the ICO hasn’t suddenly gone on the warpath for small business, the regulator can’t ignore complaints made or breaches reported to them.
The ICO has announced 11 actions since 25th May 2018 on personal data protection. The problems that caused these actions happened before 25th May, but that only means that the fines are smaller than they would have been had GDPR already been in force.
Examples of actions announced against businesses since 25th May are:
• A software company in Wales was fined for allowing its lines to be used to send spam texts to individuals without their consent
• A property company in Sheffield was fined for failing to alert people to its use of CCTV, for failing to register with the ICO and for failing to comply with an Information Notice
• An insurance broker in Lancashire and a double glazing firm in Wales were prosecuted for making nuisance calls to householders
• A bible society in Wiltshire was fined for a cybersecurity breach that put their supporters' personal data at risk
• An estate agent in Lancashire was issued an enforcement notice for failing to respond to a data access request
You can read all about these actions on the ICO website where they are published on a public register, with the name of the company concerned. Often though, all you need to do is type the company name into Google or Bing and you can see the negative coverage on the first page of your search results. The fines associated with enforcement are not insignificant but the reputational damage is likely to have a far greater impact on the businesses concerned.
So whilst we don’t want to panic small businesses, we do want to encourage you to think about which side of the fence you want to be on and to chivvy you to become GDPR compliant. You can save time, money, and a whole lot of hassle by getting your GDPR systems in place now.
For all the tools and guidance you need, subscribe to Astrid today.
Protect your business - become and remain GDPR compliant with Astrid