The date is fast approaching on which the EU General Data Protection Regulation (GDPR) comes into force, replacing the Data Protection Act 1998. From 25 May 2018, the new law gives individuals more control over how their data is used, shared and stored and requires organisations to be more accountable and transparent about how they use it.
The GDPR will be enforced by the Information Commissioner’s Office (ICO), which has produced a wealth of guidance to help organisations comply with their new obligations – see https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/.
Recognising that micro-businesses face particular challenges in preparing for the introduction of the GDPR, the ICO has launched an awareness campaign specifically aimed at organisations employing fewer than ten people. This includes an introduction to what the GDPR entails with regard to protecting people’s personal data (see https://ico.org.uk/for-organisations/making-data-protection-your-business/) and an eight-step guide to compliance (see https://ico.org.uk/media/for-organisations/documents/2258293/eight-practical-steps-for-micro-business-owners.pdf).
The ICO also notes that many sector and industry groups are geared up to help micro-businesses implement the GDPR and can be a good starting point for industry-specific advice.