Where do I start with GDPR?February 8, 2018
ICO launches campaign for microbusinessesMarch 15, 2018
I’m an SME does GDPR apply to me?
In short: yes!The General Data Protection Regulation applies to all organisations that process the personal data of EU citizens, whether the organisation is based in the UK, Romania or even Australia. It applies to all sizes of organisation from sole traders, microbusinesses and other small and medium enterprises (SMEs) to large multinationals. Basically, if you collect, record, store, use or disclose data for your own business purposes or that of another organisation, GDPR applies to you.
Are there ways in which GDPR is different for small businesses?There’s one main difference in what is required for small and medium enterprises (SMEs) – Records of Processing Activities (Article 30 of the GDPR Regulations). This set of records is a detailed list of what you do with data, how you control it and who’s responsible for managing compliance in your company.
If you’re a small business, GDPR states that you don’t need to keep these records of how you process people’s data unless (and this is where the problem lies…):
- Your processing is likely to result in a risk to the rights and freedoms of “data subjects” (the people whose data you’re processing);
- Your processing is not occasional;
- Your processing includes “special category” data such as trade union membership, race, ethnic, health, biometric data, beliefs, sex life or sexuality,
- Your processing includes information on criminal convictions and offenses.
Still confused?GDPR is not just about customer or client data - employees’ personal data and details of suppliers and other contacts are also covered by the legislation. Given the wide scope of GDPR it is unlikely that any organisation operating in the EU or selling products or services to EU citizens is able to say that GDPR doesn’t apply to them.
Help is at hand though. Developed with small businesses in mind, our secure online platform shows you what you need to do, and gives you the tools and information you need - all broken down into practical, manageable steps, to remove the fear factor of GDPR. Find out about our services.