
GDPR for small businesses

  • Blog
  • 07 February 2018

Understanding the impact of GDPR and the importance of being compliant might seem like a big task to some smaller businesses, especially because of the global scale of the new regulations. As the compliance deadline of May 2018 comes closer, businesses should have sufficient procedures in place in relation to handling individuals’ data.

So what sort of things should you be thinking about in order to ensure your business is ready for GDPR in advance of the deadline? This blog looks at what to consider when it comes to GDPR for small businesses.

Keeping it in mind from the start

GDPR is set to be an extremely important aspect of a business’ operation, so it’s something you should keep at the forefront of your mind each day.

If you’re an already established business, there might be a couple of things you should change or implement in your business in order to ensure full compliance with GDPR. This will ensure that your business is as protected as possible from any liability.

For example, you might need to amend a data entry form that you currently use so that it’s structured differently and shows that the data is necessary for your purposes. Or you might have to add some extra security measures, such as a stronger firewall, to ensure your data is as secure as possible.

If you’re looking to start your own business, however, then it would be helpful to prepare for GDPR early in your business planning stage. This way you can hit the ground running, without having to worry about any potential data compliance issues.

Planning what you need to do in advance will help make it easier to implement your data protection methods and policies.

The eight rights are the same for each business

One of the most important things you should keep in mind when preparing for GDPR is that small businesses have to adhere to the same eight rights that apply to large businesses. This includes the right for consumers to have access to the data you hold on them, and the right for them to object to the way you make use of their data. If you’d like more information on what these rights are, take a look at our guide on the 8 rights of GDPR.

The main difference will probably be in how much you have to do to provide these rights. A small business, for instance, will generally handle a far smaller volume of data than a large business. Even though the volume may be less, you still need to have the necessary procedures in place to be able to protect individuals’ data and to deal with their requests, as per the requirements of GDPR.

You are likely to have to make some changes to the way you operate. It might be adding more detail to your privacy policy to make it clear that the individual has the right to object to or withdraw their consent to your processing of their data. The core of it is that the collection and usage of data should be transparent and secure, and that the customer will have greater rights to control how you use their data.

For example, if you only plan to hold a small amount of personal data on your customers, a simple secure database might be enough to keep the data easily accessible and readable. This should also make it easy to amend if someone requests that you update or delete their information from your records. 

Will you need to hire new staff?

With the high penalties that will come as a result of GDPR, ensuring that you become compliant and remain compliant is vital.

Public authorities and businesses that do large scale monitoring or large scale processing of certain types of data are required to appoint a designated data protection officer (DPO). It should be noted that this won’t be a requirement for most small businesses.

That said, however, it might still be beneficial to take the principle on board so that it’s easier to settle into the new regime effectively. Hiring a staff member is one option, but it might be more effective if you reshuffle your existing staff roles so that there are one or two staff members who handle the majority of your business’ data-related obligations. If you do decide to do this, it is advisable to make sure they are properly trained and are fully aware of the different aspects of GDPR. This might give your business an easier time handling data and the GDPR regulations going forward.

How can FSB help prepare for GDPR?

GDPR could affect your business in different ways, from taking on responsibilities to giving your customers new rights, to the time and costs needed to make changes to your company. So it’s a good idea to use a third-party expert to help do the work for you.

At FSB, we support members with advice and guidance and simple step-by-step plans to prepare their business for GDPR and maintain compliance.

The service provides members with access to:

  • Online fact sheets and checklists on all aspects of small business GDPR
  • Telephone advice line to ask questions on GDPR compliance
  • Instructional videos, including an overview of GDPR
  • Third-party insurance cover on data protection

If you’d like to learn more about how we can help your business with GDPR compliance, please visit our FSB Legal Hub and FSB Cyber Protection pages. The services are included as standard with our Business Essentials package. Please take a look at our product comparison page to find out about the benefits of this package and our others.

Cyber Protection from FSB

FSB Cyber Protection includes an insurance policy with cover of up to £10,000 and an unlimited use helpline to answer all your Cyber Security questions.
