How Does GDPR Affect Your Business



The internet has changed everything, and that includes the way we do business. Things we thought were impossible not that long ago are now daily tasks that everyone has access to, whether that’s buying and selling online, instant messaging, paying bills, or banking. 


Most of us do all of this without even thinking about it; it’s become so commonplace that the dangers that might be lurking are either ignored, not known or forgotten about. Yet there is so much personal data being entered online every day, without a second thought. This is why something had to be done, as identity theft and cybercrime were spiralling out of control. 


GDPR (General Data Protection Regulation) was introduced in May 2018, and it’s the reason why you are told about cookies each time you go onto a website; you’re being informed, as perhaps the rules, that your data might be captured. Yet GDPR is about more than saying yes to cookies; it can affect your business hugely in both positive and negative ways. Read on to find out how, and to make sure when it comes to data protection, you do everything you can. 


What Is GDPR?

As we know, GDPR is about keeping personal information safe once it has been entered into a website, whether that’s to buy something or simply to log in and browse. Personal data can be anything, including banking details, credit card information, photographs, email addresses, phone numbers, names, addresses, passwords, details of location, social media status updates, medical information, or even an IP address


It makes no difference if the individual in question is inputting this data or using these sites in a personal or business-related capacity – it is about the person, not what they are doing, so GDPR is still needed in all cases. 

What Rights Do Individuals Have Under GDPR? 

Introducing GDPR was all about ensuring the protection of data for any individual who wanted to go online and who might input their data. Eight fundamental rights are catered for under GDPR. These are:


  1. The right to access 
  2. The right to be forgotten 
  3. The right to data portability 
  4. The right to be informed
  5. The right to have information corrected
  6. The right to restrict processing
  7. The right to object
  8. The right to be notified (of any breach in data protection)


Essentially GDPR has meant that individuals now have much more power when it comes to their data and what happens with it. Even if they have chosen to input that data into a website, they still have control over who can see it, and how it can be used. This should mean that this data cannot be given away or sold to any third parties without the individual’s express permission. 


The Business Implications of GDPR

Now that you have a brief idea of what GDPR is and how it might affect and protect individuals, if you run a business, you are going to want to know how it affects what you do too. This is crucial, as if you fail to comply with the regulations you will be inline for fines (which currently stand at 20 million euros or 4 percent of your annual global revenue – it will depend on which is the greater sum) which could ultimately bankrupt your business. Plus you could be liable for any losses incurred by your customers because you failed to adhere to GDPR. Your reputation will be damaged too, and this is not something many companies are able to come back from. 


How To Comply With GDPR

To ensure you comply, it is a good idea to employ a data protection officer to oversee everything. If your business is too small to sustain such a position full time, then you should do it yourself, or outsource the role. You need to do whatever it takes to make sure you are fully compliant as this could be the difference between the success or failure of your business. 


Other measures that are going to need to be put in place include (but aren’t limited to):

  • Reviewing privacy notices on your website to ensure they are up to date
  • Ensuring you are able to provide details to individuals who ask about GDPR or about their own rights specifically 
  • Updating procedures 
  • Have a contingency plan in place to investigate and report any breaches 
  • Carry out an information audit to ascertain how information is currently stored and whether this system needs to be updated or amended