tashka2000 - Fotolia

Personal data an area to work on before GDPR arrives

The deadline for GDPR is moving closer but SMEs continue to struggle with working out just what personal data they are holding on customers

Resellers looking to help customers get ready for GDPR need to be in a position to help SMEs understand the extent of the data they have on customers.

Many smaller firms are still trying to work out what constitues 'personal data' and are not sure if they have the right permissions to continue to contact customers in the ways they have been in the past.

The latest quarterly Close Brothers Business Barometer has revealed that there is still plenty of work that needs to be done to get SMEs ready for next May and the arrival of GDPR.

Neil Davies, CEO of Close Brothers Asset Finance, said that the GDPR regulations were designed to protect data for individuals and firms would have to ensure they were looking after information.

“It will ensure that all personal data has to be managed in a safe and secure way; has to be gathered lawfully; is only used for the purposes for which it was collected, and must be accurate and up-to-date," he said.

“The figures from the Barometer tell us that uncertainty persists on a number of key compliance issues and SMEs are concerned about the implications for them and their business," he added.

The barometer found that many firms were struggling to get a clear idea on some aspects of GDPR, including the new rights that customers would be given.

“The GDPR’s definition of personal data makes it clear that even online identifiers, for example an IP address, can be personal data,” said Davies. “The new definitions provide for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people.

“This example shows just how detailed the new regulations are going to be and it’s incumbent on business owners to understand what this means to them," he added.

Last week learning provider Litmos Heroes warned that a proportion of UK businesses were not ready for GDPR.

“As custodians of many organisations’ data protection controls, it’s staggering that so many IT businesses are not more prepared," said Tom Moore, managing director of Litmos Heroes.

“Make no mistake, the new regulation is coming, and if you handle the data of any EU citizen – Brexit or no Brexit – it will apply to your business," he added.

Read more on Data Protection and Data Backup Services