B INSPIRED PUBLICATIONS LTD
- What Does GDPR mean for Small Businesses Marketing?
May - July 2018
If you are in business, then GDPR is something you have probably heard a lot about. Despite this, many people still feel left in the dark about what it actually is and how it will affect their business.
Here is an overview along with a checklist to help explain areas further.
What is GDPR?
The General Data Protection Regulation is a data protection law that is coming into force on 25th May 2018.
Who does GDPR apply to?
Businesses who deal with personal data.
As some businesses use external companies to handle their data, GDPR places businesses into two types: Processors and Controllers.
Processors are responsible for processing personal data on behalf of the controller.
GDPR places specific legal obligations on them, e.g. they are required to maintain records of personal data and processing activities.
Controllers determine the purposes and means of processing personal data. They are responsible for, and need to be able to demonstrate, compliance with the law's principles.
You are not relieved of your obligations where a processor is involved - GDPR places further obligations on you to ensure your contracts with processors comply.
GDPR applies to processing carried out by businesses operating within and outside of the EU that offer goods and services in the EU.
Who doesn’t it affect?
Certain activities are excluded, including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.
What information does the GDPR apply to?
“This means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.”
In short, this includes data such as name, ID number and location.
Note: Even if data is coded (by using pseudonyms) it could still fall within GDPR.
What do you need to tell people?
- your intended purposes for processing the personal data and
- the lawful basis for processing.
These outline what GDPR is and are included in our checklist.
This area has changed quite a lot and you can find out more in our checklist.
This is essentially the same as the 1998 Act, however, you must give particular weight to protecting children’s data.
Contract / Legal Obligation / Special Category Data
These haven’t been affected much. If you are compliant with the 1998 Act you are unlikely to need to change anything - but still check.
This topic was never going to be exciting, but hopefully the above has given you a greater insight into what GDPR is. Our checklist will help explain what you need to look at as a business.
Please remember that every business practices differently. This is our overview and we have used the ICO as a reference. You will need to look into the regulation further to ensure your business fully complies.