GDPR: Small business owners have to take this into account
Small businesses in particular are worried about the GDPR, because non-compliance can lead to severe fines. This practical tip covers the most important points for keeping your company on the right side of the law.
Implementing the GDPR correctly: what you as a small business owner need to pay attention to
The GDPR regulates the processing of personal data and therefore affects almost every company. As soon as you use customer data for invoicing or send out a newsletter, for example, you must comply with the provisions of the General Data Protection Regulation.
- First, get an overview of where personal data is collected, stored and processed in the company, including data held by service providers on your behalf. All of these processes are relevant for implementing the GDPR, and this inventory is also the basis for the record of processing activities that the regulation requires.
- Follow the "privacy by design" principle: build data protection into your processes from the start rather than bolting it on afterwards. In practice this means data minimisation, i.e. design data collection so that only the data actually needed for the purpose is collected. If you only want to reach your customers by email, for example, do not ask for or store their phone number.
- The GDPR distinguishes ordinary personal data from special categories of personal data. Special categories are, for example, health data, political opinions, racial or ethnic origin, religious or philosophical beliefs, trade union membership, genetic and biometric data, and data concerning sex life or sexual orientation. Processing this data is prohibited unless one of the narrow exceptions in the regulation applies; for a small business the relevant exception is usually the explicit consent of the data subject. National identification numbers such as social security numbers are not a special category, but they are subject to additional conditions under national law and should be treated as needing special protection as well.
- In general, only store data that is really necessary, and only for as long as it is needed for the purpose. Every processing activity needs a lawful basis, and consent is only one of them: data that you need to perform a contract, for example a customer's address for invoicing, or that you must keep to meet a legal obligation, such as tax retention periods, does not require consent. Direct marketing such as a newsletter, on the other hand, generally does require the recipient's consent, which you must be able to prove and which the recipient can withdraw at any time.
- As the controller, you are responsible for the security of the stored data and must take appropriate technical and organisational measures so that it cannot be stolen, read or altered by unauthorised persons. Data transferred over the Internet must be encrypted in transit. If you have customer data stored or processed by external companies, such as a hosting provider, a payroll service or a newsletter tool, these so-called processors must also act in accordance with the GDPR. Conclude a data processing agreement with each of them that obliges them to do so; the regulation requires such a contract and sets out its minimum content.
- Make sure that you can delete personal data once the retention period has expired or when the person concerned requests it and no retention obligation stands in the way. Plan for backups as well: deletions do not automatically reach them, so keep backup retention short and bounded and make sure that deleted data is not quietly resurrected when a backup is restored.
In the next practical tip you will learn what website operators have to consider when implementing the GDPR.