The General Data Protection Regulation (GDPR) is a change in EU law that came into force on 25th May 2018, and supersedes the Data Protection Act (1998).
About GDPR: Does it apply to my business?
The simple answer is yes. It applies to everyone.
There are no real exemptions for small businesses under the GDPR. The law is more concerned with businesses’ data processing activities and the risk they could pose to data subjects.
If you’re an employer of EU citizens, regardless of your size, the data you hold about your staff is in scope.
If you have customer and marketing lists that contain any kind of personally identifiable data, then these activities are also in scope.
In fact, businesses need to demonstrate they have specific and explicit consent from customers to process their data purely for marketing activities.
OK, so what do I need to do?
If your activities are in scope, there are certain requirements under the GDPR that need to be in place for your business to continue operating and be compliant.
Read through our products and services pages. You may need to check that your website is secure and compliant, or your new (or current) staff may need training in GDPR and how it is applied in the workplace. We also offer support with your documentation and help you to prepare for, manage and report data breaches. If you are not sure of your specific requirements, please get in touch with us and we can help you.
What if I don’t comply?
Even if you only process a limited amount of data across a limited number of people, you still have to make sure that you comply with the GDPR. Businesses not complying with the GDPR risk incurring the maximum penalty fines of up to 4% of global turnover.
It only takes one unhappy customer or ex-employee to make that official complaint, and under the GDPR, if you can’t clearly demonstrate efforts and measures to comply, you’re in trouble.
If you’d like a bit more free information or advice about what GDPR means for your business, then we offer a free half-hour consultation. Alternatively, you can sign up to our mailing list (using the form in our footer) for news and updates. You can also find out more about GDPR on the ICO’s website.