Is your business ready for the new data protection regulation (GDPR?)

    This short course, targeted for small business owners that collect and store customer data, explains how the new regulation (which comes into effect on 25th May 2018) will affect your business and the steps to take to prepare your business. For further details about the course including course dates – please get in touch.

    Interested to hear some of the questions that have been raised to me so far on the topic? Here goes…

    What does GDPR stand for and why is it being introduced?

    GDPR stands for General Data Protection Regulation. The regulation comes into effect on 25th May 2018 to provide more consistent protection for personal data.

    What is personal data?

    Any information that could be used to directly or indirectly identify a person. For example name, email address, photo, bank details, medical information etc.

    “I run a small business. GDPR doesn’t affect me…..or does it?” 

    Anyone who collects customer details such as name, address, email, phone numbers, credit card details will be affected by GDPR.

    What’s the implications of GDPR to my business?

    One of the key changes of the new Data protection regulation (GDPR) is the introduction of higher fines for breach of the regulation. Businesses can look to be fined a maximum of €20 million or 4% of annual global turnover per breach (an increase from the current typical maximum of less than €1 million.)

    Does my company need to appoint a data protection officer?

    Businesses that regularly monitor individuals or regularly process sensitive personal data will have to formally appoint an independent data protection officer. Simply put, if your business falls within any of the following categories then a data protection officer will be required…. 1) The processing is carried out by a public authority; 2) The core activities of your business is regular and systematic processing of individuals’ data on a large scale; or 3) The core activities of your business consist of processing a large scale of sensitive data or data relating to criminal convictions / offences.

    Is there further guidance or a check list to help me prepare?

    Yes, the ICO (The Information Commissioner’s Office) is a useful resource. See their website … and they also have a dedicated helpline for small business owners who may have queries on GDPR.

    The short video clip shares some feedback about the GDPR course shared by Jemma Forbes, Partner at Innes Johnston Solicitors (