You’ve probably had your fair share of GDPR emails by now, from companies wanting to keep you on their mailing lists, or trying to sell consultancy or GDPR information packs. But in practical terms for your business, are you confident that the people supporting your business are GDPR aware? This includes your virtual assistant who, by the nature of their business, will be handling and managing data on your behalf.
We’re here to bust some common myths about GDPR: what you really need to do, what you don’t need to worry about, and where you can get the help you need to get it all in place.
“What is GDPR?”
The EU’s General Data Protection Regulation is new legislation that affects the way all organisations collect and manage data. Its overriding aim is to protect individual privacy and ensure organisations handle data collection and management responsibly and ethically. Even though the UK is currently negotiating to leave the EU, the legislation will still apply when it comes into force on May 25th 2018, and the UK parliament is currently moving legislation through that mirrors GDPR.
“I’m an SME – GDPR isn’t for me”
GDPR is for any organisation that collects or uses data. Whatever size business you run – even if you are a sole trader – you will need to know how the new regulations apply to you and what you need to do to comply with them. Compliance will vary from one organisation to another, depending on what data is collected, and what’s done with it, but it WILL apply to you. Not only should you take full responsibility for the data you use in your business; you are likely to find that your clients may want to see evidence of your data management policies before they will do business with you – particularly larger clients who are spending more money.
“But it’s not long until May 25th!”
True – but whilst many businesses are seeing this date as the end-point for GDPR compliance, in reality it’s the start of the process. Whilst you should be working towards having things in place by May 25th, it is likely that many businesses will still have things to do after this date. It is very unlikely that the body responsible for enforcing the legislation, the Information Commissioner’s Office (ICO), will be investigating, prosecuting and fining businesses on day one. It is still important, however, to make sure that your business is either compliant, or can prove it’s in the process of becoming compliant, as soon as possible.
“I’ve heard I might need a Data Protection Officer”
Data Protection Officers (“DPO”) will be required for public authority organisations, those who handle sensitive data and larger organisations that rely on data collection for their business. The majority of SME businesses will not need a DPO, but they will almost certainly have data processors. A data processor is anyone who collects, organises, manages or uses the data in your business or on its behalf. A virtual assistant business is a good example of this, which is why it’s important to ensure that any third party that handles your data is already up-to-speed, has updated contracts and policies in place and has staff who are trained in GDPR and understand its impact on your day-to-day business.
“I’m using a virtual assistant – are they compliant?”
You will need to check that all current outsourced support services that use your data are compliant. Now’s a good time to talk to them to find out what they already have in place, what plans they have, and whether they are training all their staff to work to GDPR requirements. This is particularly important if your virtual assistant company or admin agency also uses third parties to handle any of your project work – you want to be sure that you are in control of how your data is shared, stored and used.
“Where do I get started?”
It’s not unusual for SMEs to put off things like this – there often aren’t enough hours in the day to sort out databases, understand regulations, write policies or update terms and conditions. But it has to be done. If your virtual assistant support team isn’t GDPR compliant then perhaps you need to think about finding help from an alternative VA service that’s up-to-speed and ready.
If you’re worried about complying with GDPR and are looking for a compliant virtual employee outsourcing service that can help with managing your database or contacting your customers, feel free to call us on 0800 994 9016 or use our contact form in the menu above.