• Skip to main content
  • Skip to footer

Law Hound

Online Small Business Law Specialists

  • Home
  • Start Here
    • How We Work
    • Testimonials
  • What We Do
    • Consulting
    • Contracts
    • Data Privacy/GDPR
    • Employment Law & HR
    • Legal Q and A
    • Trademarks
    • Training
  • Webinars
  • Law OnCall
  • Blog
  • Contact

July 2, 2017 By Ali

Small Businesses and GDPR

 

3 REASONS WHY DATA PROTECTION AND GDPR APPLIES TO SMALL BUSINESSES AND ORGANISATIONS

Broadly, data protection is about collecting and then using (processing) an individual’s personal information in a lawful way and keeping it safe and secure.

As a small business, it’s easy to think that data protection, let alone the new General Data Protection Regulation changes which are coming into play in May 2018, does not affect your business. Let’s look at 3 reasons how data is likely to be used in your business.

(1) I don’t collect any data that matters

Many micro businesses, for example, a business selling hand-made items through a Facebook group, believe that they don’t have to bother with data protection because they don’t collect any data that matters.

Data protection aims to protect personal data which is information from which an individual can be identified. This means, for example, if you store names and addresses to take and send orders, this information will identify an individual.

At a pinch, if you’re using that information purely to deal with fulfilling customer orders you might not need to be registered with the Information Commissioner’s Office (known as the ICO and the organisation who enforce data protection and will be the GDPR supervisory authority in the UK). However, it doesn’t mean that you don’t have to comply with data protection laws.

(2) I only use data when an individual consents

I love it when you attend a business function and there is a glass bowl for you to throw in your business card (i.e. my personal data because it contains my contact details) with the anticipation of winning something.

As a business, it’s a great way to get yourself noticed and to collect data for marketing. So, for example, you may want to encourage me to make a purchase by sending me an email with a discount code.

However, unless some specific exemptions apply, data protection means that if you want to use my personal data there are several tests to apply. One of those tests is my having given consent so you may think, because I was happy to share my details on my business card, that it’s OK to send me that discount code.

In these circumstances, it would be fair to say that when I throw my card in I’m giving my consent to you using my contact details to tell me that I’ve won, or not. However, according to data protection I have not consented to you using my personal data for anything else unless

  • before I gave you my card you made it very clear that you would also be using my contact details for marketing purposes and
  • I still agreed to let you have my card once I was aware of this wider purpose for processing my data

As an aside, in these circumstances you also need to be aware of the Privacy and Electronic Communications Regulations 2003 which may relate to your marketing.

(3) I’m a small business – GDPR says it only applies to businesses that have 250 or more employees

In theory, you may be right. However, you’ll find that, the ICO will disagree.

That’s because whilst GDPR  says it only applies to business that have 250 or more employees, GDPR will apply if

  • your data processing activities are likely to result in a risk to the rights and freedoms of data subjects or
  • your data processing is “not occasional” (i.e. you routinely deal with data processing) or
  • your data processing is in relation to special categories which relate to criminal offences and convictions

Finally,  remember that irrespective of anything else, as a business you should still properly maintain and control the information you store and process.

Filed Under: GDPR and Small Businesses Tagged With: GDPR and recruiters, GDPR and selling online, GDPR and small businesses, GDPR experts

Footer

CONTACT US

The Law Hound Group 

Our Office

International House, 61 Mosely Street, Manchester, United Kingdom M2 3HZ

Company Number

06839202

VAT Number

306 4992 89

Email – [email protected]

ABOUT US

Law Hound  Group – Business Law Consulting Online – email [email protected]

Learn More

Search Our Site

Copyright © 2021 The Law Hound Group
  • Facebook
  • Linkedin
  • Instagram
  • Twitter
  • YouTube
GDPR Advisory Services in England and Wales

Contact Us

  • This field is for validation purposes and should be left unchanged.