Whether you're interested in the smaller business community, are planning to start a business or have an existing business, we have a package for you.
Our most popular package is FSB Business Essentials which includes a whole range of benefits and products designed to make your business fly
A suite of legal benefits including a dedicated helpline, bundled insurance products and a range of online information to keep your business safe. Plus a whole range of negotiated benefits to help save you money and win business.
Our Business Creation package is designed to make starting a business simpler, allowing you time to focus on what's important - making it a success.
Specialist company formation benefits, access to FSB networking, business banking and a range of products to help get you setup in business.
Whatever your circumstances, we have a package to suit you and your business. Click the button below to see which benefits are included in each package and start your FSB journey.
'I just felt wow, I want to be part of this organisation so I joined.'
'Having someone there like the FSB who you can just call on for those other things you’re not quite sure on, it’s been invaluable.'
'What you can save by taking up some of the membership offers will save you your membership fee.'
We represent a diverse range of businesses from retailers to marketing agencies and just about everything in between. Take a look at more member stories and see how we could help your business fly.
More Member Stories
We offer three packages to suit your business needs. Joining FSB Connect is free, our Business Essentials package starts at £177 in the first year and our specialist Business Creation package has a fixed price of £133.
The eight rights of all individuals will be a key part of the new regulation for general data protection (GDPR) when it comes into force in May 2018. These eight rights are to protect individuals when a business processes their personal data. The rights are a combination of new rules and other regulations that currently exist under the Data Protection Act (DPA).
There is a lot of information for businesses to find out about. This guide aims to explain the eight rights, how and when you must comply with them, and what else important to know.
This right is concerned with informing an individual how and why you’re using their personal data. You should provide details of processing information, typically, through a privacy notice. The details of the information that you must provide, is dependent on whether or not you obtained the personal data from the individual directly or from a third party. General information that you should always provide include who you are, what you’ll be doing with the info, and who you’ll share it with. Details should also include:
All information should be easy for individuals to access and provided free of charge. It should also be written in a way that is clear, concise and easy to understand, especially if you’re sending it to a child.
If you’ve obtained personal data directly from the subject, you should supply the required information immediately. However, if you’ve obtained it indirectly you can usually provide it within a reasonable period (within one month). If you want to disclose the data to another recipient or if you want to use the data to communicate with the individual, you have to provide the information on or before the disclosure or before the communication.
This is concerned with providing individuals with access to their data to confirm it’s being processed, making them aware of what information is being used, and allow them to verify that the processing is lawful. Upon request, you should provide data:
If you think a request is “manifestly unfounded or excessive”, for example because the request is repetitive, you can charge the individual a reasonable fee, considering your administrative costs, or you can refuse to respond. If you refuse, you must explain to the individual why, and inform them they can complain to the Information Commissioner’s Office (ICO).
Sometimes referred to as the right to have information corrected, this is concerned with the individual being entitled to having their data rectified – if it’s inaccurate, out of date or incomplete. If an individual makes a request for rectification, you should:
If you decide not to take action following a request for rectification, you should explain why to the individual. It’s important to also inform them that they can complain to the ICO or bring a complaint before a court.
Also known as the right to be forgotten, this is concerned with an individual’s right to request to have their data removed when there’s no reason to continue processing it. You should also inform third parties, which you’ve sent their data to, that you’re erasing it, unless it’s impossible or will involve a disproportionate effort.
However, the individual’s right to be forgotten is only under specific circumstances. This includes:
In certain circumstances, you can refuse a request to erase an individual’s data. This includes if it’s being processed to comply with a legal obligation for performing a task that’s been carried out in the public’s interest. Other examples include refusal for public health purposes, or the exercise of legal claims.
The right also is not limited to processing that causes the individual damage or distress, as current per Data Protection Act guidelines. However, any damage or distress caused is likely to make an individual’s case for erasing their data stronger.
This means the individual has the right to block or suppress the processing of their data. You should restrict data processing for different reasons, including:
You should inform all third parties to whom you have disclosed the personal data, about restricting the processing.. You should also inform the individual if you decide to lift a restriction on processing
When processing is restricted, you’re allowed to store that data but not process it any further. You can also retain enough information to ensure a restriction is respected.
This is concerned with allowing an individual to obtain and safely reuse their data across different services for their own purposes. An example of when they might want to do this includes using their data on a price comparison website, or to help understand their spending habits. You should provide data:
The right to data portability only applies where the individual in question has provided the data, if processing is based on the individual’s consent or to perform a contract and also when processing is done by automated means.
This means an individual has the right to object to their data being processed. This is concerned with processing being based on three areas:
For each of the three areas the individual has different rights. For instance, you should stop processing data for direct marketing purposes as soon as you receive an objection and deal with it free of charge. When processing for legitimate interest, however, you should stop unless the processing is being done to establish or defend a legal claim, or if you can demonstrate there are legitimate grounds for it, which overrides an individual’s interests and rights.
In cases of legitimate interest and direct marketing, it’s important to inform an individual they have a right to object to processing when you first communicate with them. This should be presented clearly and separately from other information.
When an individual objects to processing that’s based on legitimate interest or research, they should have “grounds relating to their particular situation” for their request to be accepted. When processing concerns research, you’re also not required to comply with an objection where the processing is necessary for the performance of a public interest task
This means an individual has the right not to be subject to a business’s automatic decision making in certain circumstances. It’s concerned with a business providing safeguards for an individual against the risk that it might make a potentially damaging decision, without human intervention. The right “not to be subject to a decision” applies when it’s:
For an individual to have this right, you must ensure that they can obtain human intervention and express their point of view. You should also ensure they’re able to receive an explanation about an automated decision and challenge it.
The GDPR states that profiling is any form of automated processing which is used to analyse or evaluate an individual’s personal details. This includes their health, behaviour, personal preferences, performance at work, economic situation, and where they live. When processing data for profiling, you must ensure:
Automated decision making that involved special categories of personal data or children, is only allowed under certain conditions which include explicit consent or processing necessary for reasons of substantial public interest.
The right not to be subject to a decision does not apply to all automated decisions. This includes when it’s necessary for entering into or performing a contract between you and the individual, and if it’s been authorised by law, such as for preventing fraud or tax evasion.
Understanding individuals’ eight rights is just one important part of being ready for GDPR. From taking on new business responsibilities, to the time and costs needed to apply the rights to your customers, there’s a lot to think about – you can learn more in our blog, How to prepare for GDPR. It’s wise to get as much support as you can.
At FSB, we support members with advice and guidance so they can be ready for GDPR when it comes into force next year. This includes:
If you’d like to find out more about how we can help your business with GDPR compliance, please visit our FSB Legal Hub and FSB Cyber Protection pages. The services are included as standard with our Business Essentials package. Please take a look at our package comparison page to find out about the benefits of this package and our others.
Factsheets and downloads for: Employment Law, Taxation Matters, Business Law and Health & Safety information. All free. As well as monthly bulletins.