GDPR for small companies

GDPR for small companies

We have already informed that the new GDPR will affect almost anyone processing personal data. The regulation, which will come into force on 25 May 2018, brings a lot of confusion with it. It may seem that the rules that apply to large companies will circumvent the smaller ones. But the opposite is true.

GDPR affects everyone

Many entrepreneurs and small businesses underestimate their preparation for the coming GDPR. Many think they are not affected by this issue because they have only a few employees. There are also individuals who have not even noticed that there is such a fundamental change in the field of personal data protection. It is important to note that, with a few exceptions, GDPR affects anyone who works with personal data. Unfortunately, even if you are a small business, you are facing huge sanctions as well.

What to prepare for?

Everyone who collects and works with them must protect personal and sensitive data from leaks. In all businesses, even in small ones, it is necessary to implement processes and measures that minimize leakage and maximize safety. This is true for large businesses, individuals and people working as freelancers. Most small businesses are not ready for the GDPR. However, this obligation to introduce this Regulation cannot be avoided. The principle of GDPR's responsibility states that data controllers, regardless of size, turnover or number of employees, should implement technical, organizational and procedural measures in accordance with the requirements of GDPR. For small businesses, this can mean a lot of bureaucracy, but it brings with it a safer protection of personal data in today's modern technologies.

Uncertainties with exception

The obligation to keep records of data processing activities raises some confusion. It is a compensation for the abolition of the reporting obligation of the Office for Personal Data Protection, which many considered to be a formality and administrative burden. Such records should support the problem solving in companies. Activity records must contain a lot of information, but not all of them have time and time to develop and keep these records up to date. The GDPR Regulation foresees the possibility to pass this agenda on to processors and allows smaller businesses with up to 250 employees not to deal with it at all. This exception only concerns records that cannot be classified as risky or not seriously interfering with the rights and freedoms of individuals. This interpretation of the exception is not straightforward. This is particularly about helping small and medium-sized enterprises.

What it means for businesses

The obligation to keep a record of personal data processing affects 95% of entrepreneurs, because even if your business has a marketing department or someone else is working on marketing for you, you are not processing personal data accidentally and occasionally. The format and method of keeping records on processing is at the discretion of the company. It can expand its records beyond GDPR requirements. The management of the company thus has the necessary information available in one place, quickly accessible and clearly arranged.

Whether you are a large business or sole trader, you need to be clear about who will work with the data, how they will be treated, where they will be stored and what happens in the event of their leak.

If you are interested in ensuring your privacy policy in line with GDPR, please request a free quote.

Free Quote