What do freelancers need to know about data protection and GDPR?
There’s no exemption for freelancers and small businesses when it comes to the General Data Protection Regulation (GDPR) and protecting personal data. We look at why it’s important, what you need to know, what steps you need to take to become compliant, where to start and how to get help.
All businesses that handle or process 'personal data' need practices and tools to protect that data and treat individuals fairly. One reason is that it is a legal requirement. The relevant laws - the GDPR and Data Protection Act 2018 that sits alongside it - are very specific about a number of things you need to do and the legal sanctions if you do not. However, legal compliance aside, managing personal data professionally is important to build trust with customers, manage the risks of reputational disasters and – increasingly – in order to win work from larger organisations (who will not work with suppliers unless they can demonstrate data protection compliance).
What is personal data?
You may be wondering what ‘processing personal data' actually means! ‘Personal data’ is broadly defined as any data relating to a living individual who can be identified, directly or indirectly, from that data. So names, telephone numbers and even work email
addresses – whether they’re on LinkedIn and other public websites or not – are personal data. Find out more about what personal data is here.
Nearly all freelancers, as well as other businesses large and small, will be processing personal data about customers, contacts, suppliers, website visitors and potentially others. There is no exemption for small businesses, so the rules apply whether you are a sole trader or operate through a limited company.
Where do I start?
The website of the Information Commissioner’s Office (ICO) has some great guidance and resources, and we recommend you visit its SME support pages. However, you will still need many hours to get up to speed – as well as templates and support with some of the steps you need to take.
A useful starting point is the ICO online assessment tool for small business owners and sole traders which looks at questions such as:
Do you know what personal data you hold, why you use it, and where is it stored?
Do people know you have their personal data and how you use it?
Do you only collect the personal data you need and retain it only as long as necessary, and do you have the means to keep it accurate and up-to-date?
Do you have a way for people to exercise their rights over the personal data you hold about them?
Cost effective guidance for small business
Astrid Data Protection is specifically designed and priced for small businesses and has been developed by a team who are all experienced freelancers themselves. Our secure online platform shows you what you need to do and gives you the tools and information you need to become GDPR compliant as quickly and painlessly as possible.
Taking some steps now to address data protection will help freelancer businesses ensure legal compliance, build trust with customers and win work. It may also have other benefits in terms of helping to demonstrate that (in IR35 terms) you are a genuine independent business that manages personal data and has its your own registration as a data controller with the ICO.
A more extensive version of this article appears on IPSE website – read the article here.
Protect your business - become and remain GDPR compliant with Astrid