Mark Lewis, Partner and GDPR Specialist, Lodders Solicitors.

The new General Data Protection Regulation (GDPR) comes into force on 25 May 2018, marking the biggest shake-up of European privacy laws for 20 years. As a business owner, doing nothing is not an option as there are hefty fines for those who are not ready before the deadline.

There is no ‘phasing in’ period, so it is technically important that your data is compliant.

With significant changes to data protection obligations and increased sanctions for those who breach them, you are responsible for making sure your data and its processes are up to date ahead of the introduction of GDPR.

The new regulations replace the Data Protection Act 1998 and will mean tougher rules for the collection and use of personal data.

What Is Personal Data

GDPR aims to put the rights of individuals at the center of data protection and makes companies more accountable for the personal data they hold and what they do with it.

Personal data is any information relating to an identified or identifiable individual, which means any information that could be used, on its own or in conjunction with other data, to identify an individual.

Sensitive personal data, such as health information, or information that reveals a person’s racial or ethnic origin, will require even greater protection under the new regulations. There are additional requirements for any data relating to children.

Cost of a breach happening could be costly and can run up to 10,000 euros (2% of annual global turnover) or 20,000 euros (4% of global annual turnover) if the level of the data breach results in the loss of personal information.

Reports on how ready UK businesses are for GDPR show mixed levels of awareness and understanding. Around 27% believe GDPR actually applies to their business, while 7% fail to ask for consent to collect customer data, to more than half (55%) saying they were unaware of GDPR.

About 23% believe they do not need to securely store and encrypt customer data, and revelations show that a mere 40% of customer data is actually secure.

Complying Is Actually Good

With just a few weeks to go until GDPR takes effect, there has been more focus on the requirements of the new regulations and the time and resource necessary to comply.

However, there are numerous up-sides of GDPR for entrepreneurs.

GDPR compliance demonstrates a business has integrity, is trustworthy, and is committed to accuracy and transparency.

It is also an excellent platform to maximise the business’ marketing strategy as it enables your business to be efficient in updating and managing your data, and in turn, your customer relationships and marketing activities with them.

With all the data in one place and in a consistent format that is easy to manage, use, interrogate and analyse, the customer experience can only improve.

By cleaning and fine-tuning your data, data volumes will decrease with the knock-on effect of reduced costs and operational inefficiencies of keeping high volumes of out of date or unused data.

The data you do hold will be clean and up to date, further enhancing operational and customer-focused efficiencies, and maximising the potential relevance and engagement with customers.

Clean Data = Increase In Competitive Edge

Your business can and will talk to the right audience about the product or service that they are actually interested in, maximising engagement and potential responsiveness too.

In turn, this could enhance your business’ competitive edge, with a heightened customer perception of your business, and confidence and belief in the way you conduct business and your business ethics.

Another positive side effect of GDPR  for entrepreneurs is that the business will also be positioned as one that reaches a high standard of legal and policy compliance.

GDPR elevates the way in which your business approaches and addresses its customers’ data security, and their privacy too, placing this on an equal footing with other legislation such as Health & Safety.

This article was written by Mark Lewis, partner and GDPR specialist at Lodders Solicitors. The opinions and views in this article are for information only and do not constitute legal advice.