Last week, we raised a question that has been tickling the back of small business owners’ minds for months: you have heard about GDPR, but what should you be doing to ensure that your business is compliant? Of course, the General Data Protection Regulation (GDPR) is pretty complex, but there are some simple shifts that small businesses can make to stay in compliance.
One of the key principles of GDPR is that businesses must inform consumers about why they are processing personal data and how long it will be stored. At its core, this principle is about transparency. It’s not that GDPR mandates how long data may be stored or even how it may be used. Rather, it simply requires that consumers be informed and asked to consent before their data is utilized by businesses. In practice, that means giving consumers answers to the following questions:
- Who is collecting the data?
- What data is being collected?
- What is the reason the data is being collected?
- Will the data be shared with any third parties?
- How will the information be used?
- How long will the data be stored?
- How can a data subject withdraw consent for his or her data to be stored?
- How can the data subject raise a complaint or ask questions about data storage?
Ask for Help! We are Here for You!
Still unsure about GDPR and what it requires of your small business? We wrote a more comprehensive article about GDPR and small business that you can access here. You can also sign up for a more in-depth conversation about how GDPR impacts your specific business by scheduling an appointment here. Our experienced and knowledgeable business attorney is dedicated to making your business a success. Feel free to reach out!