What do I need to do for GDPR as a small business?
Let’s start at the beginning. GDPR’s predecessor was the Data Protection Act 1998 (DPA), which hadn’t been reviewed for many years and was deemed not relevant to present-day technologies. The changes introduced with GDPR are designed to reflect the online world we’re living in, so that people can continue to protect their privacy and personal data; this is one of the reasons behind the update to data protection law. Therefore, on 25 May 2018, the DPA was replaced by the General Data Protection Regulation (GDPR).
GDPR differs from the DPA in that the law applies to all businesses and protects more data. The consequences of non-compliance can no longer be ignored. Organisations are obliged to show that they comply rather than merely say that they comply. If organisations get things wrong and personal data is lost or compromised, the likelihood under the GDPR is that they will have to report the breach, and in many cases this will lead to fines and, not least, reputational loss or, in the worst case, a prison sentence.
Aside from the legal obligations of GDPR for a small business, it is also considered best practice to manage and control the way your business handles, stores and uses the personal data of your clients, staff and individuals. No business is so small that it is excluded.