
How does the GDPR affect your small business

Author at TechGenyz Contributor

Do you own a small business that collects, stores, or uses consumers’ personal data? If you do business in the EU, you must adhere to the GDPR rules regarding customer information.

So, how does the GDPR affect small businesses? Are you prepared to follow the GDPR rules? Keep reading to learn what you need to do for your small business. If you’re already working with a trusted provider of local internet marketing services, there’s a good chance you’re already compliant, but you should still have a call with your agency to discuss how GDPR affects you.

What Is GDPR?

The European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. The purpose of this regulation is to increase data protection rights for individuals. It improves business opportunities by enabling the safe transfer of personal data within the digital market.

The European Commission says these rules will guarantee “the fundamental right to personal data protection” for all citizens. This serves to increase customer trust in online services. Business owners will also gain the confidence they are following clear and uniform legal rules.

The GDPR has a broad territorial reach. Its scope includes companies working in the EU. It also applies to businesses selling products or services from outside the EU to EU citizens.

This rule also applies to all organizations that track the “behavior” of EU citizens.

What Is Personal Data?

Businesses must understand the definition of personal data under the GDPR. Personal data describes all information that can directly or indirectly identify a living natural person.

The most obvious identifiers are the name and social security, identification, driver’s license, or passport numbers. Addresses, including mailing, email, and IP addresses, that can locate an individual also count. Other personal numbers include telephone, credit card, account data, and license plate.

Some information is less clear. For example, identifiers describe physical, physiological, genetic, mental, commercial, cultural, or social characteristics. The European Court of Justice further considers recording work time and breaks as personal data.

Employee candidate answers on tests and remarks made by the examiners also represent protected personal information if the candidate is identifiable.

Subjective data may apply as well. This includes opinions, judgments, or estimates related to a natural person. Examples include an employer’s estimate of a worker’s performance or whether a person’s credit is adequate.

When evaluating the data you collect, don’t forget health data, biometrics, and racial and ethnic information. A person’s political opinions, religious or ideological beliefs, and trade union membership must receive protection as well.

What Is a Data Controller and Data Processor?

The roles of data controllers and data processors are key to handling personal data. The GDPR defines these roles. Your company may need both roles or serve only one.

For example, if you sell online, you have a customer login that collects personal data. Most companies have a system that manages the sales. You may use an external company to handle these 2 processes.

In this case, you become the data controller because you decide what information to collect and why. The company/companies you hire are then the data processors. Data processors act on behalf of the data controller.

If you store any customer data, you are a data processor. Thus, you must prove compliance with the GDPR rules for processing personal data. You must show that the business:

  • Processes personal data lawfully, fairly, and with transparency
  • Only collects data for the stated purpose
  • Only collects the least amount of data necessary
  • Ensures information is accurate and up to date
  • Does not keep data in an identifiable form longer than necessary
  • Always ensures security during the processing of data

The data controller’s responsibility is to ensure the data processor follows all these rules. The data processor must also provide evidence that they adhere to the standards. Both the data controller and data processor are liable if a breach occurs.

How Does the GDPR Affect Small Businesses?

If you are a small business, are you compelled to follow the GDPR standards? All businesses that process personal data that can identify a specific living natural person are subject to the GDPR rules. This applies even if the information is in a structured paper format.

Failure to meet the GDPR standards can result in fines up to €20 million or 4% of your annual income, whichever is greater. Thus, the safest approach is to assume the rules apply to you.

If your business does not sell products or services or track EU citizens’ behavior in the EU, you may be exempt. However, on January 1, 2020, the California Consumer Privacy Act (CCPA) goes into effect. This means that if you do business in California, very similar rules will apply.

Experts believe the CCPA is the start of legislation that will spread in the United States. Bringing your business into compliance allows you to be ahead of the game.

Start today by detailing all personal data your company or a third-party company collects. Document the location of every piece of data and how it’s used. If you sell personal data, make an accounting of that information.

Identify the data controllers and data processors. Create documents describing the expectations of each role. Also, develop a plan for ensuring compliance with your policies.

If a customer asks you to remove all their data, are you ready to meet that request? Can you locate all the pertinent data and erase it? You will need to understand when you should not erase data.

Develop a quality assurance plan to ensure your company continuously meets all criteria. If a third-party company is unable to prove compliance, you are at risk. You may wish to make new business arrangements.

What Is SAR?

Your employees have rights related to the personal information kept by the company. They have the right to make a “subject access request” (SAR). This applies to current and former employees.

It can include personnel files, internal memorandums, meeting notes, and email correspondence. Failure to meet this request can result in fines, enforcement action, and damage to your reputation. You must provide the following information:

  • Personal data collected and used
  • The reason for personal data collection and use
  • All individuals who have access to that personal data
  • How and why automated decisions related to the individual’s personal data are processed

According to the GDPR, businesses may charge a “reasonable” fee to complete a SAR if the request is deemed unfounded or excessive. All requests must be met within 30 days.

Failure to provide this information can result in a maximum fine of 4% of global turnover or 20 million euros, whichever is higher. The individual also has the right to pursue a court claim.

Many businesses offer products and services to assist with GDPR and SAR compliance. They provide knowledge and experience to ease the process of making your business GDPR compliant.

Do You Have a Tech Industry Business?

Technology has become part of most people’s lives. This creates great business opportunities. The concern for consumer privacy has also increased tech companies’ workload.

This article focused on the question, “How does the GDPR affect small businesses?” Our site offers information about all types of technology. We discuss hardware and software products. You can find information about future technology and gaming products.

We also provide opinions, best practices, and a buyer’s guide. Continue checking out our site today to learn more.
