General Data Protection Regulation (GDPR) and small businesses

19/12/2017 00:00:00

The General Data Protection Regulation (GDPR) is due to be implemented in May 2018 and will replace the current Data Protection Act.

All organisations will need to take steps in order to comply with the new rules. Breach of the GDPR will result in fines of up to £20 million or 4% of a company’s global turnover, whichever is higher.

Smaller businesses need to be aware of this change in order to comply with the new regulations and avoid any misconduct or fines. Data protection plays a large role in day-to-day business, with companies handling, storing and retrieving data every day, so procedures need to be put in place to adhere to the new rules.

The purpose of the regulation is to give control back to the public, ensuring individuals are aware of the data they are providing, and how it is shared. Some companies may be thinking – will Brexit affect the GDPR? As of May 2018, the UK will still be an EU member and will be obliged to comply with the new rules. Furthermore, the UK Government confirmed in October 2016 that it is committed to implementing the GDPR, regardless of the Brexit process.

Small businesses should ensure they meet the requirements in order to avoid the £20 million fine. Areas to be considered include: data breaches – being able to protect yourselves from an inside threat (i.e. colleagues); legal contracts – contracts between partners or third parties will need to be updated; and the right to be forgotten – understanding what data you have and where it is, giving EU residents the right to see, amend or delete any personal data held about them, including backups and archives.

With less than six months until GDPR comes into effect, businesses need to prepare themselves. As a business owner, you are obliged to find out how it will affect your business specifically and what you can do.

The Information Commissioner's Office (ICO) has launched a telephone helpline for small and micro businesses, to help them prepare for the General Data Protection Regulation (GDPR). The helpline will complement the ICO's other GDPR preparation resources, including a series of 'myth busting' blog posts and a range of free-to-access online guidance.

The ICO helpline number is 0303 123 1113 and will be open from Monday to Friday, 9am to 5pm.

For further information and advice on GDPR please visit the ICO website.