5 Steps to Ensuring GDPR Compliance for Small Businesses

No matter the size of your business, you will need to be aware of and comply with the new regulations set out under GDPR.

Here are 5 steps to ensure your small business is compliant.

The new legislation concerns the secure collection, storage and usage of personal information. Violations will be met with fines, so it is vital to understand the law. The good news, however, is that GDPR does recognise that small businesses require different treatment to large or public enterprises.

There are several simple steps that small businesses should consider to ensure they are compliant by 25th May 2018. Here are the highlights.

  • Establish a lawful basis for processing data – Opt-out boxes aren’t enough any longer and under GDPR you must establish a lawful basis for processing data.
  • Document the personal data you hold – You should understand what personal data you hold, where it came from and where it is going. You will also need to document what the data was collected for, and whether it’s still relevant or necessary for the reason you collected it.
  • Ensure you can honour data requests – Individuals can request that you delete, amend or move their data. Your processes must make it possible to honour these requests within one month.
  • Prepare for breaches – You must ensure your processes enable you to notify the data protection authority of a data breach within 72 hours of your organisation becoming aware of the matter.
  • Appoint a data protection officer – Whether or not you need a data protection officer is dependent on what data you collect, and how much you collect, rather than the size of your business. If this role is necessary, appoint one sooner rather than later.

Everything you need to know

If you need to know more then read our GDPR for Small Businesses article and find out how Cottons can help you manage the legislation in your business.

Please contact our in-house GDPR specialist Ben Burnett with any immediate questions. You can also discuss your own situation with your local office. We have offices in London, Daventry, Rugby and Northampton.
