Updated: Jun 28
Are you looking to start a small business? Already have a business? Here is your online guide to the GDPR.
What is GDPR?
GDPR stands for General Data Protection Regulation and is a set of laws that took effect in May 2018. Its purpose? To give individuals greater control on how businesses can process their data. Whereas the old EU laws were a directive which had to be implemented by each member state separately, GDPR harmonises those laws and practices providing a direct set of rules to be followed.
Following Brexit, it is regularly misconstrued that the GDPR rules do not apply to UK businesses. It is also misconceived that it does not apply to small businesses. It is not the case. Although GDPR is an EU regulation, it still applies to the UK. The provisions of the GDPR are incorporated into the UK data protection act 2018 (referred to as the UK GDPR), and it directs that the regulation applies to any business that processes personal data. It also states that if you trade in the EEA, you will need to follow the EU GDPR, including both large and small businesses.
8 ways the GDPR will affect your small business:
1) The right to be informed - You must be transparent in how you collect and process personal information and the purpose that you intend to use it for. Always inform your customer of their rights and how to carry them out. This can be done by using privacy policies on your website which adequately inform.
2) The right of access - Your customers now have the right to access their data, which you must provide through business purposes or technical means.
3) The right to rectification - Your customer, by law, is allowed to correct any information you hold that they believe is not accurate.
4) The right to erasure - You must provide customers with the right to be forgotten. This means customers can request that their information be erased, and you must do so without delay.
5) The right to restrict processing - Customers have the right to request that you stop processing their data at any point.
6) The right to data portability - You must enable the machine and human-readable export of your customers' data. In other words, customers can obtain data used on them and reuse it for their own purposes.
7) The right to object - Always ensure that you gain consent from customers before using their data, as they always have the right to object.
8) Rights to automated decision making and profiling - This gives individuals the right not to be subject to any decision based solely on automatic processing.
Why are all these steps necessary?
Simply put, these are your customers' rights. Whether you are a small or large business or handling a small or large amount of data, you must comply with the GDPR. The penalty for non-compliance is up to €20 million (£17.5 million) or 4% of your global annual turnover (whichever is larger). This would no doubt be crushing for your business!
For more help and information, check out these resources: