Please note that we’ve compiled this to try and help our community understand their potential obligations. This in no way constitutes legal advice and anyone unsure should seek their own independent legal assistance from a qualified lawyer.
One of the most asked questions in our private Facebook community over the last weeks is whether or not GDPR applies to our members.
(If you’re unsure as to what GDPR is, then keep reading and then click the link at the end).
Many people seem surprised that GDPR applies to them as they maybe work from home, are a sole trader or perhaps only work part time.
However, there is every chance that, if you process the data of any EU citizens, you're subject to the new regulations.
Put bluntly, any company – big or small – will have to comply with new regulations regarding the secure collection, storage and usage of personal information.
What’s more, violations will be met with fines in some cases.
Do you process EU residents’ personal data?
If you do, then it almost certainly applies to you.
This could mean clients' personal treatment information, their name and telephone number or even their email address if that's stored on your computer.
So if you have some clients then there is every chance you need to pay attention and ensure you're compliant.
Are you engaged in economic activity?
GDPR does not apply to people processing personal data in the course of exclusively personal or household activity.
That said, if you work from home – and charge money – then it still applies to you.
Brexit.
Some key stipulations of GDPR are:
- Firms of over 250 employees must employ a Data Protection Officer (DPO). This person is responsible for ensuring that a business collects and secures personal data responsibly.
- GDPR will also apply to small businesses under 250 employees if the processing carried out is likely to result in a risk to the rights and freedoms of data subjects, or if the processing is not occasional.
- Individuals have more rights dictating how businesses use their personal data. In particular, they have the ‘right to be forgotten’ if they either withdraw their consent to the use of their personal data or if keeping that data is no longer required.
- Failure to comply with the GDPR will lead to heavier punishments than ever before. Under current rules, the UK’s Information Commissioner’s Office (ICO) can fine up to £500,000 for malpractice but the GDPR will be able to fine up to €20 million or 4 per cent of annual turnover (whichever is higher).
So that will include most small businesses, if not all.
Even if you work from home.
Even if you work part time.
Even if you’re a sole trader.
Assuming you handle and record clients' data either online or on paper then you need to pay attention.
Good news! Help is at hand!
I’ve enlisted the help of a professional small business lawyer to help steer you through the minefield.
There are a couple of videos you can watch to bring you up to speed and help determine what it means for you.
Don’t panic.
Don’t bury your head in the sand.
Take a deep breath, make a large coffee and click here to watch the important videos.
They will help guide you through the process and exactly what you have to do.
Information taken from SmallBusiness.co.uk and the Information Commissioner's Office.