The European Union’s General Data Protection Regulation (GDPR) will be coming into effect on 25th May 2018. It’s a wide-ranging piece of legislation, with maximum fines of up to €20 million or 4% of annual turnover.
The law is primarily aimed at keeping big businesses in check, reining in their powers to collect data on millions of people without their consent. It’s also about giving power back to consumers.
The GDPR may affect your small business too, even if you’re not based in the European Union. This is because the GDPR affects any company that collects personal information of citizens of EU countries. Above all, this means customers, but it also covers current and former employees.
A huge number of businesses still haven’t prepared for the GDPR, so it’s sensible to get educated before it’s too late.
The GDPR means that if you collect personal data on EU citizens, you need to take some extra steps in terms of how you manage that data. ‘Personal data’ stretches to a lot of things:
Many small businesses might be collecting more of this data than they realize. Say you run a consulting service over the internet. All the information you receive from your customer that you write down or otherwise record (their bank details, their business activities, their name and address) counts as personal data.
The regulation takes a lighter approach to small businesses, and you’re less likely to be scrutinized. All the same, many businesses will be affected if:
Small businesses can take a few simple steps to become GDPR-ready: