Europe is now covered by the world’s strongest data protection rules. The mutually agreed General Data Protection Regulation (GDPR) came into force on May 25, 2018 and is designed to modernise laws that protect the personal information of individuals. The EU’s GDPR website says the legislation is designed to “harmonise” data privacy laws across Europe as well as give greater protection and rights to individuals. Organisations, and companies that are either ‘Controllers’ or ‘processors’ of personal data will be covered by the GDPR. So fasten your seatbelts, start up or not, this will affect you.
With this in mind, as a start-up business governed by the stringent GDPR legislation, you are almost at an advantage compared to long established organisations with extensive amounts of data. With adequate research, establishing whether you are a data controller and/or a data processor, you should be in a good position to implement your data collection, processing and handling correctly from the start, before things become overwhelming and let’s face it, costly. Like anything in business, research and planning is paramount. Try not to get too preoccupied on the legal jargon and just concentrate on the information that applies to your business or industry, and if you’re ever in doubt don’t be afraid to ask a professional. There may be a cost in seeking one to one support, however this could save you money in the long run if it means avoiding a hefty fine for breach of the Data Protection Regulation. Think carefully about where your data is going to come from and where it will be stored, then ensure this data is kept securely, documenting these processes wherever possible.
Being honest and open with your customer/client is the most important thing when it comes to GDPR. The legislation is there to ensure every individual has the right to know how their data is used, the right to access this information and the right to be forgotten. Therefore, make sure to keep things simple, document your processes and gain verifiable consent/permission wherever possible. As a small, start-up business you will most probably not be on the Information Commissioner’s register however, as long as you have shown considerable effort to conform to GDPR regulations then the governing body is likely to be in your favour – do your research, be transparent, invest in guidance and document your processes!
More information can be found here in the government’s guide to GDPR.
Want more help and advice in a handy guide? Pre-order a free copy of our 18/19 New Business Kit by calling 01482 427360 or email rebecca@360accountants.co.uk.
