GDPR one year on: make sure your small business is compliant

More than a year has passed since the GDPR came into force, and some small businesses are still exposed. Overlooking the GDPR could have costly repercussions in the form of hefty fines and reputational damage.

Many small businesses think that if they ignore the EU’s GDPR, it will just go away. SA Law Head of Employment & Data Protection Chris Cook shares vital tips for SMEs that haven’t done anything to abide by the GDPR, and explains how they can start going about this task.

On May 25 2018, the EU made its biggest transformation of data protection legislation with the introduction of the General Data Protection Regulation (GDPR).

Although most businesses were making sure they were compliant in the months leading up to its enforcement, many businesses (including SMEs) weren’t GDPR-ready.

Small businesses may consider compliance with the Data Protection Act 2018 (“DPA”, which incorporates the GDPR in the UK) to be another administrative burden and hope that, because of their size, it might disappear if they keep their fingers crossed and ignore it. This isn’t the case; all businesses that process personal data are subject to the DPA.

Organisations found in breach of the DPA face administrative fines of up to 4% of their annual global turnover or €20 million (whichever is greater).

Read Chris’s full article here.


If you would like more information or advice relating to this article or an Employment law matter, please do not hesitate to contact Chris Cook on 01727 798098.

© SA LAW 2021

Every care is taken in the preparation of our articles. However, no responsibility can be accepted to any person who acts on the basis of information contained in them alone. You are recommended to obtain specific advice in respect of individual cases.