easyGDPR

We make implementing General Data Protection Regulation Easy

  • Home
  • Services
    • Software
      • easyGDPR Quickcheck
      • (DEP) easyGDPR lite
      • (DEP) easyGDPR Standard
      • Data Subject Requests
      • Sophos
    • IT Security
    • network checkup
    • SME digitization funding
    • Data protection consulting
      • Data protection
      • Cybersecurity
    • Training
      • Data protection
      • Cybersecurity
  • Partner
    • Resellerprogramm
    • Affiliate programm
  • GDPR
    • GDPR News
    • FAQ
    • GDPR Decisions
    • GDPR penalties
    • GDPR legal text
  • Shop
  • Contact
    • Contact
    • Newsletter registration
  • Login
    • Shop / Affiliate Program
    • easyGDPR Software
  • German
  • English

GDPR in small businesses

20/02/2018 by Andreas Schindler

The GDPR entered into force on May 25, 2018. It applies to all companies and organizations. The whole subject is complex, and there is no clear path for how the GDPR should be implemented in small businesses.

Do not panic. GDPR in small businesses can be simple.

What does the GDPR require in small businesses?

In simplified terms, the main requirements of the GDPR are:

  1. All data that can be directly or indirectly traced back to a person is personal data.
  2. This data may only be processed in a lawful manner and in a manner that is comprehensible to the data subject.
  3. This data may only be processed for specified, unambiguous purposes.
  4. Only the data that is absolutely necessary may be processed. Data that is no longer required must be deleted or anonymized.
  5. Data subjects have a legal right to know what is stored about them and can demand corrections.
  6. The data must be processed and protected in accordance with the state of the art.
  7. A procedure directory must be created in which all of the company’s data processing activities are listed.
  8. A simple risk assessment must be made for all procedures.
  9. Only authorized persons may access the data.
  10. Data loss must be reported to the authority or the person concerned.
  11. Compliance with the GDPR must be demonstrated.

(see GDPR Article 5)

Why can’t I just ignore the whole thing?

Doing nothing will be expensive. Failure to comply with the GDPR risks high penalties. The GDPR gives data subjects a right to compensation and the possibility to complain to the data protection authority. The authority is obliged to investigate every complaint. The data protection authority may also take action without cause. (see GDPR Article 83).

The GDPR does NOT provide details on how to implement the above. It requires that appropriate, state-of-the-art solutions are used, and that the measures taken are regularly reviewed for appropriateness.

What needs to be done to implement the GDPR in small businesses?

  1. The first step is to determine what data processing is performed in the company.
  2. The processing operations must be documented (what kind of data is processed, to whom is the data transferred, …).
  3. For the processing operations, it must be specified how long the data is to be stored (see Storage Limitation and Retention Obligation).
  4. The risk to those affected must be assessed.
  5. Technical and organizational data protection must be documented.
  6. If there are any significant weaknesses, remediation must be planned.
  7. If there is any ambiguity or high risk to affected individuals, an expert must be consulted.
  8. A procedure directory must be created with this information.
  9. Processors must be found and contracts, in accordance with the GDPR, must be concluded with them.
  10. The privacy policy on the website needs to be updated.
  11. Employees must be trained to respond correctly to inquiries from affected persons. The protective measures in the company must be known to the employees.
  12. A date must be defined for the review of these measures.

No information needs to be provided to the data protection authority during preparation. Preparation ensures that you have the documents and information you need when data subjects or the authority make inquiries.

How can I prepare as a small business without spending a fortune?

To make these steps easier for you, we have developed easyGDPR. easyGDPR is an online tool that supports you step by step in implementing the GDPR and helps you to correctly document the situation in your company.

With simple questions, even complex topics, such as risk assessment, become possible for you. Together with your IT manager/supervisor, you can easily answer questions about technical and organizational data protection.

We therefore offer special versions of our software for different industries, such as driving schools, electricians, property management companies, horticulture, … Frequently occurring processing operations are already predefined, which makes it even easier to create the procedure directory.

Our online tool in combination with our online training allows you to perform many steps of the preparation for the GDPR yourself. Our goal is to enable you to work on an equal footing with experts where you want to use them.

How much effort do I have to calculate for this work?

In our experience, GDPR preparation for small businesses without critical processing can usually be done in 3-4 hours.

In addition, there is the cost of any necessary data security measures (better firewall, data backup, …).

If potential privacy issues arise (e.g. you store unprotected credit card data, you work with health data,…), be sure to clarify the situation with an expert.

Where can I get help from experts?

Evening workshop “DSGVO simple and efficient”.

In our DSGVO evening workshop you will learn, briefly and compactly, the basics of the General Data Protection Regulation. The workshop is based on the “Informationsoffensive Workshop Datenschutz Neu” of the WKO NÖ. The speaker, Andreas Schindler, is a certified data protection expert and a member of the DSGVO consultant pool of the WKO NÖ. You can register directly via our online store or at the e-mail address easygdpr@schindler-it.com.
The workshops take place in our training center in 2100 Stetten, Hautstraße 49.
