By Chris Cook on Small Business – Advice and Ideas for UK Small Businesses and SMEs
The UK General Data Protection Regulations (UK GDPR) came into force on January 1 2021 and sets out the key principles, rights and obligations for processing data in the UK. It is almost entirely based on the EU GDPR (which applied in the UK before January 2021) and sits alongside the Data Protection Act 2018 (DPA).
With the plethora of initialisms, some small businesses are understandably overwhelmed. Some actively ignore what they deem to be an administrative burden, while others unknowingly stray into breach of data protection regulations. Regardless of your view of the UK GDPR, one thing is clear; overlooking it could have costly repercussions by way of hefty fines and reputational damage to your business.
The body in charge of enforcing data protection breaches in the UK is the Information Commissioner’s Office (ICO). Much of the enforcement action pursued by the ICO relates to aggressive direct marketing techniques, such as nuisance calls and emails. For example, ColourCoat Ltd, a home improvements business based in Hastings, was fined £130,000 by the ICO in June 2021 following a substantial amount of direct marketing calls.
Businesses should also be