What is GDPR and what does it mean for my small business?
I’m not a specialist in data protection or the laws surrounding it; however, I know that as a small business it really is vital for us to be aware of it. So I did some research and I’ve put together this blog of my views on the General Data Protection Regulation, which will come into force next year.
Background to GDPR
The General Data Protection Regulation (GDPR) is a new law that will replace the Data Protection Act 1998 and will apply in the UK from 25 May 2018.
Last month, Information Commissioner Elizabeth Denham told businesses “there’s no time to delay in preparing for the biggest change to data protection law for a generation”.
For many businesses, as well as making sure they are GDPR compliant, it may mean they need to make a few changes to how they describe things in terms and conditions, contracts and website privacy notices.
What is GDPR?
The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
If you hold information that falls within the scope of the Data Protection Act, it will also fall within the scope of the GDPR.
What falls in scope of GDPR?
Information security – are IT systems safe and secure, and how do you handle data when you’re in the office and on the move? How would you back up your data in case of fire, flood or theft? Guidance on all these things and more is covered in the ICO Practical Guide to IT Security for Small Business.
The advice from the ICO is that even if you pay someone else to do your marketing, both parties are responsible for complying with PECR, and they recommend you should have a written contract that clearly sets out the contractor’s responsibilities.
Do you collect information about your customers?
For more information about privacy notices and how to word your privacy notice so it is clearly understood, take a look at Collecting Information – Small Business Checklist.
How can I prepare for GDPR?
The ICO have published a host of useful information to help small business owners work out what they need to do, including this useful PDF checklist: GDPR – 12 Steps to take now.
Will it affect my business Terms and Conditions or Contracts?
Businesses will need to review their existing terms and conditions to ensure they have addressed and comply with any changes resulting from GDPR.
If you’re not sure what changes you need to make to your contracts, then get in touch.