Data privacy and protection is changing. You have an obligation to comply, and if you’re not sure whether it applies to you, asking us to check whether you need to comply won’t cost a thing!
Compliance means that you need to review what you currently do, make some specific changes and transformations, appoint various organisational roles that are defined by the regulation, and then maintain your policies, systems, guidelines and processes on an ongoing basis.
Even as a small business, failure to comply with GDPR will leave you at risk of investigation and fines, at best. In worst cases it could seriously affect your revenues, profits and ability to trade.
Does GDPR affect my business? Do I have obligations to comply with it?
Give us a call or send us an email and we will be able to tell you quickly what you need to do, if anything.
What if I don’t comply?
Not complying means you will be breaking the law, so it’s not an option. In purely practical terms, not complying means that you are taking a big risk:
- Your customers and possibly other stakeholders are likely to ask you for confirmation that you are complying. If you can’t prove it, they are likely to take their business elsewhere;
- Not complying is likely at some point to damage your reputation as a business and how people view your trustworthiness. You will undo a lot of hard work put into building your business;
- One of the ways that you could hit the radar of the ICO is a data subject making a complaint about you. If you are not complying with GDPR you stand a high chance of being fined, and that could be a life-changing amount that damages your operation.
However you view GDPR, see compliance as essential and not optional.
How long will the Nichcom process take?
It depends on a number of factors, such as the size of your operations, how much data you process, where you get it from and what you do with it. Nichcom provide you with all the tools you need for the journey to compliance and can move at the pace you set. If you can dedicate resource to completion of tasks the process will obviously be quicker but we recognise that in many cases this process will be another part of someone’s job. Our methodology is designed to take away the headaches and leave you to translate the specific business operations and processes onto our templates. From there we create all of your documentation, provide awareness and ensure that compliance is in place. We anticipate 4 or more visits to you as a part of the process.
How disruptive will this be for my business?
If you are not dedicating specific resource to the compliance process, then it’s going to take the existing time of some of your team, and by nature that is disruptive. The Nichcom methodology minimises the preparation time on your end and allows you to focus on getting to the point.
What about Brexit?
On 21st June 2017 the UK Government revealed its legislative programme for the next two years. Post Brexit, the UK intends to continue its compliance with GDPR but will nevertheless be required to make some changes to UK law, as we will leave the EU. Nichcom will be able to easily stay abreast of the UK compliance requirements and translate any changes into your business.
Can’t I just do my compliance in-house?
You can, absolutely! To do so, you need to have at least a thorough understanding of the new regulation and numerous processes in place to carry out things like risk assessments and data protection impact assessments. You will also need to ensure that you have an independent set of eyes on your process, to keep a level of check and balance. Some companies, particularly larger organisations, are doing exactly that. For others, Nichcom’s service provides the right alternative, leaving you to run your business, and for a cost that is lower than the training you will need and effort you will spend on designing your processes.
Can’t I buy some software to do this all for me?
We are aware of some software solutions that have developed a GDPR compliance module, and we welcome that. These very largely provide tools for compliance around data subject requirements and so will be useful, in our opinion, for ongoing management of GDPR. We are not aware of any software solutions that can actually take an organisation through the whole compliance process; it is too large and diverse in its make-up.