Tag Archive for GDPR

GDPR three years on: make sure your small business is compliant

By Chris Cook on Small Business – Advice and Ideas for UK Small Businesses and SMEs
The UK General Data Protection Regulation (UK GDPR) came into force on January 1 2021 and sets out the key principles, rights and obligations for processing personal data in the UK. It is almost entirely based on the EU GDPR (which applied in the UK before January 2021) and sits alongside the Data Protection Act 2018 (DPA).
With the plethora of initialisms, some small businesses are understandably overwhelmed. Some actively ignore what they deem to be an administrative burden, while others unknowingly stray into breach of data protection regulations. Regardless of your view of the UK GDPR, one thing is clear: overlooking it could have costly repercussions by way of hefty fines and reputational damage to your business.
The body in charge of enforcing data protection breaches in the UK is the Information Commissioner’s Office (ICO). Much of the enforcement action pursued by the ICO relates to aggressive direct marketing techniques, such as nuisance calls and emails. For example, ColourCoat Ltd, a home improvements business based in Hastings, was fined £130,000 by the ICO in June 2021 following a substantial amount of direct marketing calls.
Businesses should also be

Three steps to writing a cookie policy for your website

Originally written by Partner Content on Small Business
When you visit a website, most of the time a cookie file is saved to your device (with your permission).
This is a simple text file which stores the website’s name and gives you a unique ID so that it can tell you’ve been there before. Cookies can also provide insights into how long you spend on a website, which links you click on, options you’ve chosen and which items you’ve placed into a shopping basket.
This allows websites to deliver pages and services which are tailored to you and your preferences.
What is a cookie policy and why does your website need one?
A cookie policy tells your website visitors what the cookies on your website are for, what data you’re collecting and how you’re using this information. It should also inform people how they can opt out or change their settings, especially as website cookies are prone to change.
Cookies have generated some controversy in the last few years as online consumers become ever more conscious of their online security and privacy. As cookies collect data around what individuals are doing on your website, it’s a legal requirement for all websites to get consent to collect

GDPR one year on: make sure your small business is compliant

Originally written by Chris Cook on Small Business
Despite the EU implementing strict rules around data protection last year, some SMEs haven’t made changes to be compliant, putting themselves at huge risk. GDPR one year on and some small businesses are still exposed. Overlooking it could have costly repercussions by way of hefty fines and reputational damage.
On May 25 2018, the EU introduced its biggest transformation of data protection legislation with the introduction of the General Data Protection Regulation (GDPR).
Although most businesses were making sure they were compliant in the months leading up to its enforcement, many businesses (including SMEs) weren’t GDPR-ready.
See also: What does GDPR mean to me and my business?
Small businesses may consider compliance with the Data Protection Act 2018 (“DPA”, which incorporates the GDPR in the UK) to be yet another administrative burden and, because of their size, hope that by keeping their fingers crossed and ignoring it, it will simply go away. This isn’t the case; all businesses that process personal data are subject to the DPA.
Organisations found in breach of the DPA face administrative fines of up to 4pc of their annual global turnover or €20 million (whichever is greater).
GDPR one year on
Since the GDPR came into force, fines have been

GDPR and Brexit – 5 steps your small business can take

Originally written by Ian Osborne on Small Business
Whatever side of the Brexit debate you sit on, it is becoming increasingly likely that the UK will no longer be part of the EU from the end of October.
This presents an array of challenges – and arguably opportunities – for small and medium-sized enterprises (SMEs).
However, one key aspect that business leaders must be aware of is GDPR and Brexit and how leaving the EU will affect their operations in terms of data security.
See also: GDPR one year on: what fines have been issued so far?
What the government says you should do
Guidance from the Information Commissioner’s Office (ICO) has confirmed that whether we leave the EU with or without a deal, most of the data protection rules affecting SMEs will remain the same.
The good news is that UK businesses that comply with GDPR and have no contacts or customers in the EEA (the EEA is the EU plus Iceland, Norway and Liechtenstein) don’t need to do much more to prepare for data protection after Brexit.
What if you receive data from Europe?
However, UK businesses that receive personal data from contacts within the EEA must take additional steps to ensure they are fully compliant after

9 steps to GDPR compliance for your first business website

Originally written by Anna Jordan on Small Business
When you’re setting up your business website, checking that you’re GDPR compliant may be lower down on your list of priorities.
However, even as a one-person operation, you must be in line with the law – or else you could be slapped with a serious fine.
We want to take the intimidation out of the process by guiding you through these nine steps to GDPR compliance for your new site.
1. Establish where your data comes from and how to handle it
As a quick reminder, personal data is defined as any information which can be used directly or indirectly to identify a person. It could be a name, photo, email address, bank details, medical information, computer IP address, cookies or social media posts.
Your starting point is to know where data comes from and what you do with it. Data can be collected through Google Analytics and GPS location trackers as well as through email sign-ups. Next, pinpoint where the information is stored and who can access it.
Work out your procedures for:

Proving someone has given you consent
What to do if someone wants their data to be erased
What to do if you suffer a data breach

At this point,

What should I do if I get a subject access request?

Originally written by Anna Jordan on Small Business
It’s only one part of GDPR and data protection, but a subject access request (SAR) shouldn’t be ignored. As more people become aware of their personal rights, the number of requests continues to increase.
We show you how to deal with SARs, both as a small business owner and as an employer.
What is a subject access request?
An organisation will have a certain amount of personal data on users which they use and/or store. These people may ask for a copy of their data to check that what is being held on them is in keeping with the law.
Subject access requests existed as a right under the Data Protection Act 1998, but the rules have changed with the introduction of GDPR.
Requests can be made verbally, electronically (including social media) or in writing. If you have received it in writing, make sure you can verify the identity of the sender.
How long can I take with requests?
You have one month from when you receive the SAR. You can be given an extra two months if the request is complicated or there are numerous requests. You should let the person asking for the information know about this extension

GDPR one year on: what fines have been issued so far?

Originally written by Anna Jordan on Small Business
Saturday 25th May sees the first anniversary of GDPR – and its associated fines.
It’s fair to say that the effects haven’t been astronomical (at least not yet). The first year has been more about teething than smacking down financial penalties. The watchdog is said to be spending more time focusing on legacy cases breaching the Data Protection Act, including high-profile companies such as Uber, Equifax and BT.
It also hasn’t penalised companies harshly where they can show that they have taken adequate action to fix wrongdoings and comply with new regulation.
Though there have been few penalties, reports have been on the up. Research from Hiscox shows that complaints of online data breaches were up 160% in the six weeks after GDPR came into force.
Across the continent, the European Data Protection Board found that 206,326 cases were reported under the GDPR from supervisory bodies in 31 authorities in the European Economic Area (EEA).
Fines throughout Europe totalled €55.96 million over the first year of GDPR. This sounds like a grand sum, but is mostly made up of a €50 million fine for Google.
France’s CNIL vs Google
In its first GDPR ruling, CNIL pursued Google, issuing a €50

Customer databases: how to deal with the effects of GDPR

GDPR has had a profound impact on the customer databases of a lot of small businesses. Lindsey Roberts is GDPR project manager at Visualsoft, an e-commerce digital marketing agency. She talks about the effects of GDPR on small businesses and what you can do to make the new rules work for you. The best companies
The post Customer databases: how to deal with the effects of GDPR appeared first on Small Business.