GDPR and Data Protection

All businesses need to comply with UK GDPR. Failing to do so can lead to a large fine from the Information Commissioner’s Office and serious reputational damage.

TikTok were recently fined £12.7m.

Tuckers Solicitors LLP were fined £115,000 for

That could be your business.

UK GDPR applies not just to large businesses but to everyone.

All businesses hold personal data (about clients, suppliers, contractors, employees, and advisers) and have a legal obligation to set out in a Privacy Notice how they use that data.

Too many small businesses ignore all this. However, if you are the victim of cybercrime and lose data, you are supposed to report this to the ICO and, if serious, to your client. If you do not have in place what you should, this could turn out very badly for you.

Increasingly there are people out there who will sue you for failing to comply with the rules when you held their data.

So beware and get prepared.

A Privacy Notice sets out:

  • What Personal Data you hold – not just names and emails but anything by which a person could be identified. Medical and health information are subject to extra rules.
  • What you do with it. You will share it with someone.
  • How you store it. Is it safe?
  • How long you keep it. Other rules apply, so do not delete it and get caught out.

The document must be easily accessible to clients and anyone else whose data you hold, e.g. suppliers, advisers, employees, and contractors.

It usually goes on the website.

It is different from the website policy your web developer will put on there. Many businesses assume that is enough; it is not.

UK GDPR compliance is not just a Privacy Notice, as you should also:

  • Understand what it all means.
  • Put in place procedures in the business to ensure compliance. Do you know what a Subject Access Request is and what you must do if you receive one?
  • Know what to do if you engage contractors – most businesses do not.
  • Understand basic cybercrime issues. Cybercrime = data breach = trouble with the ICO and your client: a serious problem.

Our Services

If you do not have a Privacy Notice we provide:

  • Basic Privacy Notice with all the important information you need to disclose
  • Guide to UK GDPR, setting out (a) what you need to know and (b) what steps you need to implement by way of assessment, registration, and procedures.
  • Guidance on registration with the ICO.
  • We are here to answer your questions.

Charge for all the above: £120.

Send us your existing policy, your website details and what your business does, and we will:

  • Review your existing Privacy Notice/Policy and ensure it is not just a website policy.
  • Check registration with the ICO.
  • Check your website/Terms and Conditions.
  • Look at your procedures and processes.

Prices starting from £100. Please get in touch to book.