This week the ICO has launched a campaign to help microbusinesses prepare for the General Data Protection Regulation (GDPR). ‘Making data protection your business’ is designed to tell microbusinesses – that’s those of us with less than ten employees – about the forthcoming legislation and provide us with information that can help us get started.
On launching the campaign, the Information Commissioner, Elizabeth Denham, said: “All organisations have to be ready for the new data protection rules, but we recognise that microbusinesses in the UK face particular challenges. I’m sure the women and men running microbusinesses in the UK will want to be ready when the new law comes into force, but they may not know where to start, and that is what the new tools and information on our website can help with.”
So how helpful are the ICO’s tools?
The ICO outlines eight steps that microbusinesses need to take:
Know the law is changing
Make sure you have a record of the personal data you hold and why
Identify why you have personal data and how you use it
Have a plan in case people ask about their rights regarding the personal information you hold about them
Ask yourself: before I collect their data, do I clearly tell people why I need it and how I will use it?
Check your security
Develop a process to make sure you know what to do if you breach data protection rules
The ICO guide goes into these steps in more detail and provides some useful information. Unsurprisingly though, it stops short of providing the truly tailored, practical advice which so many small and microbusinesses are crying out for but which an organisation with a remit so wide is unable to provide.
The ICO does answer a number of frequently asked questions for small businesses on their website which are worth checking out. Some of these are broken down by sector for example for small financial service providers and small health organisations. Check out the ICO’s frequently asked questions.
Our MD Gerrard says: “The ICO is trying to help small businesses but clearly there’s a limit to what they can do. We are also aware that some small businesses are reluctant to fully disclose to the regulator their level of compliance. Small and microbusinesses are coming to us for a clear action plan and practical tools and advice that will help them meet the GDPR requirements - that’s not something that the ICO is in a position to do, but which we are fully geared up to provide. With only ten weeks to go till GDPR comes into force we are pleased to see the ICO raising awareness and encouraging small and microbusinesses to start thinking about their obligations. We are here to help when you are ready!”
Find out more about Astrid's services for small and microbusinesses.
Protect your business - become and remain GDPR compliant with Astrid