News top

GDPR - Personal Data Consent: A Guide for SMEs

With GDPR coming into force on the 25th of May 2018, many businesses are trying to get compliant with the regulation. Being a small business, doesn’t mean that you fall outside of scope of GDPR – all companies, regardless of the size have to protect the data of their customers and employees.

However, in some areas, SMEs have the advantage to have fewer resources or to process lower volumes of non-sensitive data. As SME, it is very important to understand and record what ‘personal data’ you hold as a business, how it was collected, how it is held, how you use it, and where it is recorded.

The GDPR defines ‘personal data’ as:

...any information relating to an identified or identifiable nature person (‘data subject)’; and identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’.

In case you are relying on consent to process ‘personal data’ of a data subject, GDPR is making this a bit more more difficult. The consent must be ‘unambiguous’ when given and it should be gained for existing customers too.

What you can do:

  1. Understand the As-Is process in your organization for obtaining clients’ consent;
  2. Make sure that the right procedures are in place, in order to meet all data subject rights under GDPR
  3. Review Terms and Conditions and supplier contracts: in case that your suppliers (as processors) are processing ‘personal data’ on your behalf (as a controller), you are obliged to update your contract with them and to include particular compulsory clauses that can be found in Article 28 (3) of the GDPR;
  4. Make sure that you and your employees understand what constitutes a personal data breach and create a process for escalating breaches internally: encourage organisational culture in which the employees feel comfortable in self-reporting when they have made innocent mistakes.

Besides personal data consent, there are other areas in your organization that may require review and modifications in order to meet all compliance requirements of GDPR. We believe that small and medium enterprises deserve the same access to quality consulting, legal and technology services as large corporations. Hence, we’ve created an easy-to-use assessment tool, which will prove that GDPR compliance doesn’t have to be complicated. Try now GDPRQ, specially designed for SMEs, and find out where your are and how to start on your path to compliance. By completing the online questionnaire, you’ll be already one step ahead toward GDPR implementation.


A honlap utolsó módosításának időpontja: 2018.09.21