Some uncertainty remains with businesses who deal with the EU on the provision relating to data after the end of the transition period on 31st December. The UK government stance is that GDPR is and will remain engrained in UK law during the transition period and into 2021.
The EU is conducting a data adequacy assessment of the UK and if the EU grants positive adequacy decisions by 1 January 2021, it would mean that personal data can flow freely as it does now, without any action by organisations. With only weeks to go, the EU has yet to decide as to whether they accept that the UK’s data protection regime is still adequate.
At this stage nothing much is changing, but it is essential – especially for small businesses – that they ensure their data protection procedures, and data transferring are up to date and compliant. For small businesses who have moved from a physical location to an eCommerce solution, they may not realise that some procedures when sharing customer data are not compliant with even UK data laws.
We have been following all updates from the UK government for our clients and have been waiting to see how the EU will respond with their opinions on our current data standards. This will decide whether this will affect how we share data from 1st January 2021 and whether additional requirements will be put in place. But this is only for those who share data with EU countries. In the UK, things will not be changing and GDPR law remains ingrained in our data procedures.
As well as sharing customer data, businesses need to make sure that their cybersecurity is up to date. Cyber threats are not exclusive to larger companies and a data breach can be costly for a small business. Earlier this year our research with homeworkers highlighted that 1 in 10 home workers did not feel that they were GDPR compliant working from home. A quarter also said that they felt their systems were inadequate to do their job. Having adequate cyber defence software and hardware is essential, but more importantly, it needs to be regularly updated to ensure it protects against the most recent threats. Employee training on best practice and familiarisation on the signs of an attack are also essential activities that should be undertaken on a regular basis. If a small business is unsure, it is always advisable to speak to a professional to understand the requirements of the business and make sure this is communicated to all staff handling company equipment and information.
For more information on GDPR or to have a no-obligation discussion with an expert contact us now.
ILUX kickstarts 2024 with new jobs, new people and new clients
ILUX, the IT support and consultancy business, has kickstarted the year with key promotions and new staff, and added three local household names to its client portfolio. The company began working with Premier Travel in January as a strategic IT consultant to the business. The travel agency, [Read more]
Unlocking efficiency: How outsourcing your IT can save you money, time and improve patient care
As the demands on hospices continue to grow, so too do the demands on each organisation's operations and infrastructure. The need to improve all aspects of patient care, organisational management, and compliance, makes it essential to streamline operations wherever possible. One strategic move gaining momentum in the [Read more]
Anti-Virus is no longer enough
Over the past 12 months, we have seen a significant increase in the number of cyber attacks on SMEs. Gone are the days when hackers only targeted large businesses. They are increasingly turning their attention to small and medium-sized organisations where there is likely to be less [Read more]
