With the GDPR enforcement date of 25 May 2018 now less than three months away, as the Owner or Director of a small business you might well feel exposed in the face of regulatory requirements for which you become responsible upon taking up your position. As an office-holder you immediately become responsible in law for a whole range of duties, in particular if you hold personal data and employ team members.
The obligations placed upon you will include informing and training your employees, recording compliance related incidents, reporting incidents to regulators within certain time limits and being able to prove that you have done all of the above. If you fail to meet these compliance requirements then regulators typically have the powers to fine you, impose restrictions on your business or even prosecute you.
The two biggest areas of regulatory reporting for SMEs are related to information security, and health and safety. If you hold any personal data within your systems, or if you employ any team members or are responsible for any work premises, then you will fall within regulatory legislation, including the GDPR if you operate in the EU area.
This range of duties can be onerous and intimidating, but there are a number of software solutions available which can help you to both meet these regulatory requirements and, just as importantly, prove that you have met them if you are threatened with sanctions.
An incident notification solution is a piece of software, delivered through the software-as-a-service model, for a monthly subscription fee, which will allow a business to communicate with all of its key audiences through its own secure cloud-hosted communication channel, via e-mail, SMS, phone call and mobile app push notification.
There are five main ways in which an incident notification solution can help you to meet and prove that you meeting your regulatory compliance requirements
- Creation of a process to respond to regulatory incidents quickly and effectively.
- Notification of your team, your customers and the regulators of an incident, quickly and reliably.
- Distribution of legal and response documents to your team, as part of their education or in response to an incident.
- Placing an obligation on recipients to acknowledge delivery of your message and any accompanying documents.
- Automatically creating a detailed audit trail of your actions, messages, documents and who has received them, to show to regulators.
If you want to find out more, you can download a free white paper that we have produced on the subject, titled Keep Your Business Safe from Regulatory Fines.
It is important to remember that 25 May 2018 is not the start of the GDPR, but the final date in a two year transition phase from which the regulations surrounding the Directive will begin to be enforced. If you have not ensured your compliance already you need to start thinking about it right now.