1. GDPR and the small business

Want to watch this video? Sign up for the course here. Or enter your email below to watch one free video.

Unlock This Video Now for FREE

This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.



Sign Up

GDPR Compliance for New Businesses

Understanding GDPR for New Businesses

Scope: GDPR applies to all businesses processing personal data for business purposes, irrespective of size or structure.

Data Controller: The entity determining how and why data is processed is known as the Data Controller, and ensuring GDPR compliance is their responsibility.

Considerations for Startups

Advantage of Startups: New businesses can set up processing activities to comply with GDPR from the outset.

Documentation: Document decisions regarding data collection, retention, and sharing to create a comprehensive data inventory.

Online Systems: Choose online systems that meet GDPR requirements and provide adequate safeguards.

Key Points in GDPR Compliance

  • Definition of Personal Data: Personal data includes information identifying an individual, such as names, addresses, and contact details.
  • Data Security: Personal data must be securely held and used only for the purpose provided by the individual.
  • Transparency: Inform individuals about data processing activities through a clear and concise Privacy Policy or Statement.

Steps for GDPR Compliance

  1. Register with the ICO and pay the registration fee.
  2. List the personal data you need to collect.
  3. Identify lawful bases for data processing.
  4. Determine data retention periods and create a retention policy.
  5. Ensure online systems comply with GDPR.
  6. List entities with whom data will be shared and establish suitable agreements.
  7. Create a Privacy Policy.
  8. Establish a data breach register and policy.
  9. Create a register for subject access requests and policy for handling them.
  10. Provide adequate training on privacy principles and data subjects' rights.

Cost of GDPR Compliance

GDPR compliance costs vary depending on business specifics. Understanding privacy principles and applying them diligently is crucial for compliance.

For additional information and assistance, businesses can visit the Information Commissioner's Office website or contact their helpline.