Businesses now have access to more data than they have ever had before. Whether it’s customers’ names and addresses, or an itemised list of their shopping habits and product preferences, customer and supplier data is collected and stored for various uses by businesses.
For many this personal data is the cornerstone of their business, allowing them to market successfully and maintain good relationships with their customers.
Most businesses have a central database or CRM where this data is collected and stored. However, with the latest Data Protection Act coming into force in 2018, what is required for secure data handling and storage is changing.
Now is the time to check your business and its handling of data to ensure that your business is going to meet the requirements.
What is the new Data Protection Act?
The new Data Protection Act brings the current Data Protection Act, designed in the 90s, into the modern day.
Back in the 90s companies held minimal amounts of data when compared to now. This has left many customers dangerously exposed, especially online, due to a lack of data control and protection.
In recent years there has been a steep rise in cybercriminals. Data breaches have given these criminals access to names, addresses, national insurance numbers and even pension information.
The main targets of these data breaches are small businesses. SMEs are considered to be softer targets than large corporations, mainly due to the belief that fewer funds are spent on security and data protection. Whilst this may be true for many, it also means that this new Data Protection Act will hit SMEs the hardest as they face having to overhaul their data management in time for the new act to come into force.
It is worth noting that not all data leaks are from malicious acts; some data leaks are accidental, for example, sending data to the wrong email address or leaving a work laptop in a public place. It doesn’t matter whether the data breaches are accidental or not: this Data Protection Act holds businesses responsible for both.
What Challenges are SMEs going to face?
Other than the initial pressure to act on the management of their data, SMEs are going to face the challenge to update their processes to ensure that they have records of consent given by their customers to use their personal information.
For example, every customer who opts to join a mailing list will have to actively join, with no pre-ticked boxes on the checkout page. In this case each business will be responsible for showing a clear audit trail of each customer consenting to be contacted, whether this be via screen grabs and/or saved consent forms.
At the same time, any person (whether they are a customer or not) has the right to withdraw their consent whenever they wish to do so. Businesses are now responsible for ensuring that, when a person withdraws their consent, their personal details are erased permanently and within a reasonable timeframe, effectively giving each customer the right to be forgotten.
Many companies collect data from customers directly via their websites. In these cases businesses will need to ensure that they have correctly managed the data collection and storage. They have to be able to pinpoint any data at a moment’s notice and prove that they have the procedures in place that will remove the data when needed.
Monitoring systems will be required, and should your company have a data breach, the new act makes companies responsible for informing the relevant authorities within 72 hours of the breach whilst submitting a report on how the business plans on managing and restricting the data breach.
There are various other conditions within the new Data Protection Act, and no doubt it will be adjusted and improved as time goes by, but all businesses must be prepared for them and act in accordance with them.
Many small businesses are going to need to undergo a huge change, especially in their culture and business organisation, in order to meet this new act when it comes into force in 2018.
How can you Prepare your Business?
Preparing your business for the coming changes is going to require a clear plan of action.
Reviewing your current data handling is the best place to start. Check what data is collected, how that data is collected and then how that data is used.
It is worthwhile looking at how customers come to you, sign up for mailing lists and purchase products and/or services. Pinpointing when and how data is exchanged will allow you to work out when consent forms are required and how that data can be easily but securely stored for when it is needed.
You can take it a step further and look at what data you collect that is surplus to requirements. After all, if you have been collecting a certain piece of data from customers that you never use and have no plans to use, then why collect it in the first place?
Ultimately businesses will need to review their website, data storage and their CRMs to ensure that they have the ability to store consent forms, keep the collected data safe, and can permanently delete data when requested.
A functional, secure and transparent system will help you as a business meet the new Data Protection Act. This is the element that the team here at Digital Nachos can help you with.
Get Ready Today!
Our team can review your website, data storage and CRMs to ensure that you are meeting the requirements of the new Data Protection Act. Whether that means tweaking your current system or creating a new system for you to use, Digital Nachos is here for you.
If you would like to discuss your data handling and the impact that this new Data Protection Act is going to have on your business, then simply get in touch with us today.
More information on the new Data Protection Act can be found via BT’s white paper on how to deal with the new EU Data Protection Act.
Published: 2nd Oct 2017