A basic guide to GDPR for small businesses
1. What is the Data Protection Act about?
The main aim of the Act is to promote a high standard of handling personal information to protect the individual’s right to privacy. This Act applies to all companies which hold data about living individuals in paper or electronic format.
The 8 Data Protection principles for good data handling
All data must be…
- Fairly and lawfully processed
- Processed for specific purposes
- Adequate, relevant and not excessive
- Accurate and where necessary, kept up to date
- Not kept for longer than necessary
- Processed in line with the rights of the individual
- Kept secure
- Not transferred to any countries outside the European Economic Area unless information is adequately protected.
2. What personal information is covered by the Act?
The Act covers information that relates to a living individual. This is information where the individual could be identified. For example: name, address, date of birth etc. The individual has the right to access the information and correct it if the information held is incorrect.
3. What sort of processing is covered by the Act?
The term ‘processing’ is very broad and covers any action which is carried out on a computer. In summary, in personal data terms it will include any of the following: recording, holding, using, obtaining, disclosing, erasing or destroying.
4. What to do if you process information about individuals?
The Data Protection Authority requires the Information Commissioner to keep a register of:
- Data controllers who are responsible for processing information
- Which purpose they will use the personal data for
If you have this information about employees, customers, suppliers, clients or other members of the public, you may need to record this in the register. This is then called a ‘notification’. However, not everyone needs to notify if they process personal information for core business purposes like staff administration, accounting and their own marketing.
To check if you need to notify, please visit the ICO website and use their self-assessment guide.
5. Can individuals ask for their information?
Under the Act individuals have the right to get a copy of all information you hold about them on a computer or some manual filing systems. This is better known as a right of subject access.
If you do receive a subject access request, you must respond to it within 40 days. You are also entitled to ask for more information so you can confirm the person’s identity.
6. Why you should comply?
Because the new Act is a legal requirement, and because it also makes good business sense for the following reasons:
- Sending mailings to out of date records will annoy customers and waste both time and money
- Good information handling will increase customer and employee confidence in the business
- Keeping all information on your data subjects safe and secure will protect you against any claims or damages.
Failing to notify or to renew a notification when you are not exempt from notifying is a criminal offence, punishable by fines of up to £5,000. The Information Commissioner can also take enforcement action to make you bring your processing into line with the eight principles, and further failure to comply is punishable by a further £5,000 fine.
In cases where there is a breach of the DPA which is likely to cause substantial damage or distress and the data controller has failed to take steps to prevent this, the Information Commissioner has the power to impose a monetary penalty of up to £500,000.
7. What you must do
You need to make sure that you and all your staff follow the eight data protection principles. These principles are central to the DPA and to everyone who handles personal information.
You also need to find out whether you need to notify the commissioner of certain details of your processing.
If you would like more information on this or any aspect of Data Protection, please feel free to get in contact and find out how we can assist with any changes needed within your business. We will be able to provide you with any documents, assistance and resources you need well ahead of the changes.
So why not contact Sally Phillips 07887 877521 or email email@example.com and find out how Ward Williams can bring your business into line with the new data protection regulations.