The General Data Protection Regulation (GDPR) is a regulation in EU law relating to data protection and privacy for all individuals. The aim of the law is to prevent people or organisations from holding and using inaccurate information on individuals, whether relating to private lives or business. Now part of UK law, it applies to any type and size of business, including those classed as an SME, micro business or home based business. If you intend to operate within the law, your business must be GDPR compliant.
GDPR expands the rights of individuals to control how their personal data is collected and processed, and places a range of obligations on business owners to be more accountable for data protection. It is designed to give the public confidence about the use of their personal information and requires businesses to keep personal data safe and secure and ensure it is not misused. Very few small businesses are unaffected, and without GDPR compliance they risk a hefty fine, a criminal record and perhaps the loss of their business.
It cannot be emphasised enough that GDPR compliance is not simply a box-ticking exercise; the regulation demands that you are able to demonstrate your compliance, ensure appropriate policies and procedures are in place, and build a workplace culture of data privacy. Most business owners are astonished at the level of changes they are required to achieve, so those still asking "what is GDPR?" really should take legal advice specific to their own business, to fully understand their responsibilities.
GDPR "to do" lists, inaccurate advice, and the misinterpretations of those unqualified on the subject, are rife across the internet. You can spend an age on the ICO website, read a biblical amount of information, or listen to those friends and acquaintances who seem to know everything, but still, you will be none the wiser. Below is a GDPR summary, a non-exhaustive list of the minimum requirements of small business GDPR compliance which applies to most SME, micro and home based businesses.
This GDPR summary is a lot to take on board and implement. In many cases there will be additional specifics, yet so many business owners continue to think GDPR doesn't affect them. However, non-compliance, and not operating your business within the law, could be costly at any time in the future. So, if you are a small business owner wondering if and how GDPR affects you, the Small Business GDPR Consultant would strongly recommend you seek initial free GDPR legal advice as soon as possible.