Changes to data protection law and small business
The European Data Protection Regulation is set to replace the Data Protection Directive and will come into force in the next two years. We wanted to see what impact this will have on small businesses, particularly how it affects data collected via a small business’s website. Initially the regulations will be focused on large organisations with over 250 employees, but this will then slowly be extended to all businesses. To avoid massive change and to keep costs down, how can small businesses begin to prepare now for these changes? Getting clearly defined information has not been easy, reminding us very much of the messy implementation of the “Cookie Law” a few years ago.
Here is what we understand so far with regard to EDPR and small business:
- Consent to gather data will need to become more transparent.
- The “right to be forgotten” etc. will mean you will need to have good processes in place for removing all data on an individual.
- A strong process should be in place for keeping Privacy Policies and other data up to date as this can be requested at any time.
- A greater emphasis on encrypting all personal data may well come about as rules on reporting breaches of non-encrypted data are tightened.
- According to this report, tracking of IP addresses will be banned – this will impact some tools used to track visitors on websites, but again mainly for large B2B companies whose clients will have their own IP address.
- The laws cover all individuals so will include staff members as well as customers.
- This may well impact use of tracking tools on your website, such as those which can track individual users once they have supplied their email address.
- Businesses that operate within the EU are all affected by this, along with those that store data in the cloud on non-EU-based servers.
- It’s likely the ICO will publish a tool, closer to the time we need to implement these new regulations, to make the transition easier – let’s hope it’s a good one!
Here are two resources we have found to be relevant and that offer some plain English:
This one from Computer World
This one from Computer Weekly
We’ll be working to keep up to date on these changes and what this means for small independent businesses and their websites. You can look for information and updates on the ICO website.