
SMEs and GDPR – A guide to navigating data protection

By sme-admin on September 23, 2021 Legal, Marketing

The volume and quality of personal data businesses can collect (and the ease with which it can be stored, accessed and used) has myriad benefits, but also carries risks, especially in today’s regulatory environment. A recent study has shown that 85% of SMEs understand GDPR, but more than half are still not meeting the legal requirements.

Elliot Fry, Managing Associate at law firm Cripps Pemberton Greenish, gives SMEToday’s readers some pointers.

Leaving aside the reputational damage a breach can cause, it’s hard to miss the eye-watering fines imposed by the Information Commissioner’s Office (ICO) on companies who have failed to keep personal data secure or misused it. If you are subject to an ICO investigation, you need to be able to show you took the right steps towards compliance, and have the right documentation in place. Now more than ever it is crucial that companies of all sizes take time to get to know their obligations under data protection law.

The law

Following Brexit, the EU’s GDPR is no longer directly applicable to all UK businesses (although if you do business in the EU, it may still be). However, the UK (as part of Brexit) has implemented its own version of the GDPR, which essentially replicates the EU’s GDPR in UK law, so (unless and until the UK creates its own more bespoke law) the GDPR is here to stay.

This legislation applies to all businesses, even if you are a small or medium-sized company.

Your people: Getting your employees up to speed with how they can keep personal data secure is the best way of avoiding data breaches or unintended misuses of personal data. The more they know about how important personal data is, and how to keep it secure, the easier protecting that data and using it in the right way will be.

Not everyone in your business needs to know the GDPR back-to-front, but you should make sure you have someone who broadly understands the requirements, and who takes ownership of data protection responsibilities in the organisation (even if you don’t need a formal “Data Protection Officer”). Other personnel may only need to know a few “golden rules” depending on their role.

Contracts: If you use a service provider that accesses, stores or uses personal data on your behalf, they may well be a “processor”. Where you appoint a processor, the GDPR requires you to have a written contract with that processor, which must include details of the processing and some specific obligations on that processor (in particular, the processor must only process personal data on your documented instructions). The GDPR requirements here are quite specific, so if you are using older contracts (pre-2018), it’s very unlikely that those agreements will be compliant.

Larger service providers should already have updated their agreements, but small service providers may not have dealt with this proactively. You should also look at any transfers of data outside of the European Economic Area (in particular to the USA), to confirm if these are compliant.

Notices: The GDPR requires a privacy notice to be supplied to anyone whose personal data you hold (subject to some exceptions).

It’s worth remembering that employees are data subjects too, and you will need a privacy notice to set out how you use their data. We consider businesses need a minimum of two privacy notices (an internal one for personnel, and an external one for everyone else). The GDPR also requires you to bring that notice to the attention of the relevant individuals.

Data Controller Register: The GDPR requires organisations to keep a record of their processing activities (and a general description of their security measures). While this obligation is reduced for organisations with fewer than 250 employees, it’s likely that an organisation of any size will have to keep at least a partial record. Keeping a full record is a matter of best practice and assists your other compliance activities.

Special Category Data Appropriate Policy Document: The Data Protection Act 2018 requires that, if you process special category data (particularly sensitive types of data, which include health information) in certain circumstances (including, for instance, to monitor sick leave or for other employment-related reasons), you will need an appropriate policy document setting out how you comply with the GDPR’s principles and your retention and erasure policies regarding that data.

Data Breach Register: GDPR requires organisations to document any data breaches they suffer, the effects of that breach, and the remedial action they have taken.

How can I find out more?

If you would like to find out more, a good place to start is the Cripps Pemberton Greenish Data Protection Hub which sets out a lot of guidance on different areas of your business which may be affected. Cripps have also prepared a Data Protection Toolkit which contains questionnaires, customisable template documents and related guidance that can help you get up to speed with data protection law.

Alternatively, the ICO has prepared a ‘SME web hub’ where you can find advice on data protection implications concerning everything from installing CCTV cameras at your premises, to dealing with subject access requests.
