50% of business owners are not aware of the upcoming changes to data protection laws.
Businesses have more contact with their customers’ data than ever before, and the EU Parliament is taking steps to ensure that consumers’ information is secure. Complying with the rulings regarding data protection will become a legal requirement, and many experts are advising businesses to be prepared. The new legislation is intended to make businesses more responsible for their data handling. Here are some key points from the list of changes which you should look out for:
Consent – Businesses need to acquire clear consent from their customers to be able to retain their data. Pre-ticked boxes in online forms will no longer be legal.
The Right to Be Forgotten – Customers will be able to request that a business stops using and collecting data on them. Customer data is valuable to businesses, but this rule means that they may have to give up any information they have on request.
The Right to Transfer Data – Customers will be able to request their data profile from a business in order to transfer it to a new business (this can be given to a competitor for example).
Data Protection Officers – Large businesses will have to employ an officer specifically to manage their data handling. SMEs, however, only need to do this if data processing is at the core of their business (for instance, a data analysis or marketing company).
How to Comply
National watchdogs will be in place to issue fines to businesses that do not comply with the new laws, and in the event of a data breach, companies must report the issue to regulators within 3 days. Fortunately for SMEs, it is larger organisations which will face the biggest challenges in adhering to the changes; however, many small businesses will need to adapt. If you run an ecommerce website, take orders online, or collect any aspect of your customers’ information (online or offline), then you need to be aware of the new legislation. If your business isn’t equipped to properly manage your customers’ data, you may need to outsource to a third-party data management company or enrol either yourself or an employee in a training course.
Preparing Your Business
Although the new rules are still being finalised, they are expected to be passed in just a few months’ time. Once introduced, all EU member states will automatically be required to comply. If businesses are not fully compliant by December 2017, then penalties will be enforced. Fines can extend to as much as 4% of a business’s annual turnover, which is potentially damaging for small businesses.
Talk to Your Employees
You may want to educate your workforce on data protection and remind them of your business’s obligation to comply with new rulings. Ensuring you and your staff are educated and well equipped for the changes goes a long way to fully complying. This press release from the European Council has more information if you have any concerns.