GDPR rules still apply after January 1st- what small business’ should know

Some uncertainty remains with businesses who deal with the EU on the provision relating to data after the end of the transition period on 31st December. The UK government stance is that GDPR is and will remain engrained in UK law during the transition period and into 2021.

The EU is conducting a data adequacy assessment of the UK and if the EU grants positive adequacy decisions by 1 January 2021, it would mean that personal data can flow freely as it does now, without any action by organisations. With only weeks to go, the EU has yet to decide as to whether they accept that the UK’s data protection regime is still adequate.

At this stage nothing much is changing, but it is essential – especially for small businesses – that they ensure their data protection procedures, and data transferring are up to date and compliant. For small businesses who have moved from a physical location to an ecommerce solution, they may not realise that some procedures when sharing customer data are not compliant with even UK data laws.

James Tilbury, Managing Director at leading IT support company, ILUX comments: “We have been following all updates from the UK government for our clients and have been waiting to see how the EU will respond with their opinions on our current data standards. This will decide whether this will affect how we share data from 1st January 2021 and whether additional requirements will be put in place. But this is only for those who share data with EU countries. In the UK, things will not be changing and GDPR law remains ingrained in our data procedures.”

As well as sharing customer data, businesses need to make sure that their cyber security is up to date. Cyber threats are not exclusive to larger companies and a data breach can be costly for a small business. James explains: “Earlier this year our research with homeworkers highlighted that 1 in 10 home workers did not feel that they were GDPR compliant working from home. A quarter also said that they felt their systems were inadequate to do their job. Having the adequate cyber defence software and hardware is essential, but more importantly it needs to be regularly updated to ensure if protects against the most recent threats. Employee training on best practice and familiarisation on the signs of an attack are also essential activities that should be undertaken on a regular basis. If a small business is unsure, it is always advisable to speak to a professional to understand the requirements of the business, and make sure this is communicated to all staff handling company equipment and information.”

  • Show Comments

Your email address will not be published. Required fields are marked *

comment *

  • name *

  • email *

  • website *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You May Also Like

Newey & Eyre backs new life saving wiring regulations while saying preparation is key

Newey & Eyre backs new life saving wiring regulations while saying preparation is key ...

energy

ABB Helps Create World’s First Energy Self-Sufficient Multi-Family House

ABB technology has helped make the world’s first multi-family, energy self-sufficient house a reality. ...

Chance to win a £500 holiday voucher, with SWA’s Tauras Gland Challenge

Chance to win a £500 holiday voucher, with SWA’s Tauras Gland Challenge Think you’re ...