You’ve probably had your fair share of GDPR emails by now, from companies wanting to keep you on their mailing lists, or trying to sell consultancy or GDPR information packs. But in practical terms, are you confident that the people supporting your business are GDPR-aware? This includes your virtual assistant who, by the nature of their business, will be handling and managing data on your behalf.
We’re here to bust some common myths about GDPR: what you really need to do, what you don’t need to worry about, and where you can get the help you need to get it all in place.
“What is GDPR?”
The General Data Protection Regulation is legislation that affects the way all organisations collect and manage data. Its overriding aim is to protect individual privacy and ensure organisations handle data collection and management responsibly and ethically. The body responsible for enforcing the legislation, the Information Commissioner’s Office (ICO), has the remit to investigate, prosecute and fine businesses for non-compliance.
“I’m an SME – GDPR isn’t for me”
GDPR is for any organisation that collects or uses data. Whatever size business you run – even if you are a sole trader – you need to know how the regulations apply to you and what you need to do to comply with them. Compliance varies from one organisation to another, depending on what data is collected, and what’s done with it, but it DOES apply to you. Not only must you take full responsibility for the data you use in your business; you will find that your clients may want to see evidence of your data management policies before they will do business with you – particularly larger clients who are spending more money.
“I’ve heard I might need a Data Protection Officer”
Data Protection Officers (“DPO”) are required for public authority organisations, those who handle sensitive data and larger organisations that rely on data collection for their business. The majority of SME businesses will not need a DPO, but they will almost certainly have data processors. A data processor is anyone who collects, organises, manages or uses the data in your business or on its behalf. A virtual assistant business is a good example of this, which is why it’s important to ensure that any third party that handles your data is already up-to-speed, has updated contracts and policies in place and has staff who are trained in GDPR and understand its impact on your day-to-day business.
“I’m using a virtual assistant – are they compliant?”
You will need to check that all outsourced support services that use your data are compliant, so talk to them to find out what they have in place and whether they train all their staff to work to GDPR requirements. This is particularly important if your virtual assistant company or admin agency also uses third parties to handle any of your project work – you want to be sure that you are in control of how your data is shared, stored and used.
“Where do I get started?”
It’s not unusual for SMEs to put off things like this – there often aren’t enough hours in the day to sort out databases, understand regulations, write policies or update terms and conditions. But it has to be done. If your virtual assistant isn’t GDPR compliant, then perhaps you need to think about finding help from an alternative VA service that’s up-to-speed and ready.
If you’re worried about complying with GDPR and are looking for a compliant virtual employee outsourcing service that can help with managing your database or contacting your customers, feel free to call us on 0800 994 9016 or use our contact form in the menu above.

