It’s fast approaching the end of April, which can only mean one thing – GDPR is almost upon us! And we know, it’s all anyone can talk about at the moment, but for good reason. But the big mistake some businesses are still making is assuming that GDPR is solely an IT issue. It’s true that IT is a big part of it, but GDPR will have an impact on almost every part of your business – including how you handle late payments and recovery. So today, we wanted to give you some last-minute advice, in case you still aren’t sure of all the ways GDPR will affect you.

What Is GDPR?

But first, what is this big bad acronym that has business owners rushing around like ants? GDPR stands for General Data Protection Regulation, and it’s essentially the EU’s answer to the Data Protection Act. However, unlike previous EU directives (which countries can choose to implement or not, and how), this is a regulation. This means it will apply to all EU countries in exactly the same way. It also reaches outside of the EU to any organisation that handles EU citizen data, regardless of their location in the world. The regulation is actually already in place – we are partway through a transition period that allows businesses to get their house in order before the regulation comes into effect on the 25th of May 2018.

The aim of the regulation is to unify and standardise data protection policies, shoring up weak spots and creating a strong base for personal data protection. The regulation provides a single set of rules for all member states to follow (including mandatory security notifications, new rules around user consent, a clearer definition of what could be personal data and greater rights for people to access and request deletion of the information companies hold on them). A special council will be created to oversee sanctions and provide guidance.

And yes, even if the UK leaves the EU, GDPR will still apply. The UK government have pledged to bring GDPR under UK law to replace our Data Protection Act, so your business still needs to be prepared.

Areas Of Your Business Affected By GDPR:

The mistake a lot of businesses are making is assuming that GDPR will only really affect the IT department. And while it might be true that IT will certainly be hit hardest, that doesn’t mean the rest of the business is off the hook. In fact, there are 5 key areas of every business that will be impacted by GDPR:

Legal: The legal part of your business will be the one hit hardest by the implementation of GDPR. A lot of changes will need to be made to contracts, terms and conditions, policy documents and processes to ensure that all consent rules are being followed properly. This might mean that your legal department, or a consultant, needs to review and maybe even renegotiate some contracts for employees, vendors and customers, which could put your payment cycles into chaos.

Finance: Your finance function will also take a bit of a hit, because GDPR will hugely influence the way accounting and financial processes work within your business. After all, huge amounts of confidential information pass through your finance department – from account numbers to names and contact details for chasing late payments. So you will need to make sure your systems are completely bulletproof. This is one of the areas GDPR enforcers will crack down on hardest if your financial data is not properly guarded.

Sales & Marketing: Sales and marketing departments are the front line when it comes to dealing with customer data. They are usually responsible for the collection of data, so the consent rules need to be carefully followed. Sales and marketing need to make sure that their teams are addressing customers who have opted in or given their direct consent to receive communications.

HR: GDPR doesn’t just change the rights of your customers – it changes the rights of your employees too. It’s all about giving employees increased safety and security, knowing their data is well protected. Since employees can’t freely give consent under GDPR (due to the power dynamic in play), employers need to prove they have a reasonable need to use and process the data.

IT: And of course, no GDPR article would be complete without mentioning the IT department. Your IT capabilities are your first line of defence against a data breach, and so your IT foundations need to be secure and solid. That’s why so many IT departments are running around like headless chickens trying to get everything ready.

At Debtcol, we are constantly reviewing and updating our policies and procedures to ensure that the confidential data we deal with on a daily basis is kept safe and secure. We also work closely with our customers to ensure they are storing, sending and handling the data relating to late payments in accordance with GDPR rules. If you would like to know more about how you can do this, or find out how we can help you reclaim money owed to you while still remaining GDPR compliant, just get in touch with us today.