GDPR Compliance Checklist for Home Businesses
It’s been over 2 ½ years since GDPR was put into effect. It’s critical that businesses everywhere follow these rules and regulations, yet an astounding 50% of companies don’t know if they’re fully compliant. GDPR consists of a great many rules and regulations regarding personal data, and for those of you who are working at home or without a team, understanding them can prove difficult.
If you haven’t sorted out GDPR and are worried your home business isn’t following the guidelines properly, follow along with this overview of what it is, why it’s necessary to comply, and what rules to follow to make sure your business stays in line.
What is GDPR?
GDPR stands for General Data Protection Regulation. Implemented in May of 2018, it is one of the largest global privacy laws to exist. It was designed to protect online consumers by requiring transparent, consent-based communication about what data is being collected and how it’s used. Because the law was passed in the EU (European Union), many small and home businesses in the United States don’t think it impacts them. In the same regard, businesses that don’t necessarily sell something or obviously collect data (like a blog) don’t think the law is relevant to them. Unfortunately, this almost always proves false.
Who is required to be GDPR compliant?
Any online business that reaches EU consumers should be compliant, even if your business isn’t based in the EU. So, for example, if you run an online store based in the United States but you sell to EU customers, you must be compliant. Remember, data doesn’t always mean fancy numbers and reports. Businesses are collecting data all the time without even knowing it. Accepting blog comments or email addresses for a newsletter is considered data collection. Chances are, you’re collecting some sort of data, whether it’s through an affiliate program, Google Analytics, etc.
Why has GDPR been difficult for businesses to understand?
While being GDPR compliant is required for businesses collecting data, implementing that communication to consumers can be difficult. It is a lengthy and meticulous law, and oftentimes businesses don’t want to take the time to understand it. As tedious as the process might be, it’s crucial, because without it your business could face fines of thousands if not millions of dollars if data is stolen or lost.
So, what do home business owners need to know about GDPR?
When GDPR first came out, we were pandemic free, which means you were probably in an office and had a team of people around you to help you work through these important laws. Now that many of us are working from home, things look a bit different. As a home business owner, here is a condensed checklist of items to make sure you’re staying GDPR compliant.
Part One: Prepare
First, you’ll want to sort out all the sources of data collection on your website. This could be cookies, email collection, third party vendors, etc. For each source, write down how and why you collect the data and how long you plan to keep it. In addition, you’ll want to identify the lawful basis on which you’re collecting this data. Is it consent? A legal obligation? Public interest? After you’ve come to this conclusion, you’ll want to make sure you have a system set up for keeping records on this data in case you need to defend yourself later.
Part Two: Initiate GDPR Compliance
This is the time to actually create your consent policy and implement it. Make sure your consent is explicit and clear, and leaves no room for suggestion or speculation. You’ll also want to include a way for people to contact you about their data. After this, give your website security a boost. After all, you don’t want to give yourself any more reason for data to be stolen or lost! This is also a good time to revise or redo your privacy policy and terms and conditions to reflect the GDPR implementation. Check in with your third party resources to make sure they’re also compliant, and regularly check in with current members or subscribers to make sure they’re still on board. And last but not least, add a notice and consent box to your website as extra protection.
Not sure if your home business is GDPR compliant? We can help! Thinline Technologies provides a variety of cyber security and IT consulting services, and can provide peace of mind in knowing you’re following the correct rules and regulations. Learn more about our services and contact us today.