The Information Commissioner’s Office (ICO) has created a package of resources and advice to help small businesses prepare for the GDPR. This includes the ICO’s ‘Guide to the GDPR’, which links to all the advice and guidance that is currently available and will be the first place to get the latest updates; a ‘Getting Ready for the GDPR’ self-assessment checklist, which produces a bespoke report on what SMEs will need to do; a frequently asked questions document answering the questions most often asked by SMEs; and a dedicated GDPR preparation helpline for small organisations – 0303 123 1113, option 4.
If you hold and process personal information about your clients, employees or suppliers, you are legally obliged to protect that information. Under the Data Protection Act, you must:
only collect information that you need for a specific purpose;
keep it secure;
ensure it is relevant and up to date;
only hold as much as you need, and only for as long as you need it; and
allow the subject of the information to see it on request.
The ICO also provides seven checklists covering a number of areas of compliance, including Getting ready for the General Data Protection Regulation (GDPR), Information Security, and CCTV.
If you handle personal data, you need to register as a data controller with the Information Commissioner’s Office. Registration is a statutory requirement and every organisation that processes personal information must register. Failure to register is a criminal offence.
The General Data Protection Regulation (GDPR) is a new law that will replace the Data Protection Act 1998 and will apply in the UK from 25 May 2018.
Full information about the GDPR and what you need to do can be found at https://ico.org.uk