GDPR and Data Protection for Small Businesses
GDPR. By now most of us have heard the acronym GPDR but less about The Data Protection Act 2018. The GDPR is in fact the detail of the European Regulations and The Data Protection Act 2018 which will translate those regulations in to UK law is, as of March 2018, currently weaving it way through parliament.
Any hope that the European Regulations will be tossed out of the window come Brexit should therefore be dispelled.
GDPR/ Data protection Act 2018 will apply after 25th May 2018 so If you run a small business the first thing to ask yourself is ‘do I process personal data?’
The answer to that question is almost certainly yes.
Only the very smallest firms with no payroll might be able to answer in the negative. The reason for this is that staff any customer records will all contain personal data. To process personal data pretty much all you have to do is to possess it.
The second job is therefore to undertake a data mapping audit. Look at your files, computers, mobile phones, emails and think where you might hold data.
You have a small online shop selling umbrellas, when you sell an umbrella you keep the purchasers emails in a marketing list and from time to time you send that person emails about your other products. You are processing personal data and you need to make sure that you have the correct compliance procedures in place.
You run a restaurant but you never take down details from any customers. However you have ten staff who you pay by BACs every month. Again you are processing personal data (this time your employees) and you need to make sure your policies, procedure and plans are in place.
If you need help undertaking a data mapping audit or with any other element of compliance with the GDPR please call Dominic Moss on 01606 872200 for an initial discussion about how we can help you.
Helping you with;
- Data Audits
- Compliance Advice
- Policy Drafting
- Data Accountability Plans and documents.
- GDPR Procedures
- Subject Access Request
- ICO complaints