GDPR Game Plan for the Small Business

By Kristina Podnar

One of the main reasons people start a small business is so that they can work for themselves. Many soon realize, however, that they’re at the mercy of a really tough boss. In a Gallup survey of small business owners, 39% of respondents reported working more than 60 hours per week. On top of that, there’s the never-ending awareness that the buck stops with you. Even if you delegate, everything ultimately ends up back on your desk.

When you’re under that kind of pressure, you have to prioritize. In doing so, people tend to ignore things that aren’t jumping up and down right under their noses. An example would be a data privacy law implemented on the other side of the world…right?

Wrong. The EU’s General Data Protection Regulation, which goes into effect May 25, 2018, applies to companies of any size that have as much as a single customer, prospect, employee, or partner in any EU member nation. So the GDPR may very well apply to you, whether you realize it or not. And implementing the flawed childhood trick of pretending, “If I close my eyes really tight, maybe they won’t see me,” isn’t going to work. As much as you may cringe at the thought of putting yet another weighty issue on your to-do list, GDPR compliance won’t wait — and ignorance of the law isn’t an excuse.

However, while you can’t just ignore GDPR compliance, you don’t have to do it the same way as enterprise-level corporations. You can develop a game plan that’s more in line with your own resources. Here are some suggestions:

Start with mapping your data

The hype about Big Data has led us to accept the assumption that more is better — so we scoop up every bit of data we can and store it away in case we need it some day. But you can quickly end up with a scenario reminiscent of the scene in Raiders of the Lost Ark where the Ark of the Covenant was put in a nondescript wooden box and stashed away in a warehouse full of other nondescript boxes.

Before you decide whether and how you’ll approach GDPR, you have to know where all of your data is (physically) as well as who has access to it. Some things will be obvious, like the data in a CRM platform. But this process also requires turning over a few rocks and thinking about things like emails that contain personal data, shared spreadsheets, HR and accounting records, etc.

Next, map your people

Another important step is to find out where the people you have data on live. If you in any way collect, process, or store data on EU citizens — even if it’s just one person — you have to follow the law.

Confront the elephant in the room: Is it worth it?

Nobody likes to fire a good employee or contractor — much less a customer! But, if you only have a handful of customers or

Source: Business 2 Community
