GDPR – Important points you may have missed

  1. It covers paper records, not just online data. They must be kept safely, not in a box in the corner, and preferably with safe copies elsewhere.
  2. Laptops and desktops: are they password protected? Do you have a good antivirus? They must be kept secure.
  3. Is your building secure? Can anyone enter unnoticed? Do you have a record of visitors? Are your doors kept locked?
  4. Memory sticks: are they taken off site? Are they encrypted? The Crown Prosecution Service has been fined over £300,000 for losing CDs of witness statements. You must be extra careful.
  5. Is your data backed up properly? You are responsible for avoiding the destruction of data, so do not lose it through computer collapse, flood, fire, etc.
  6. GDPR says you must delete an individual's data on request. Be careful, as you also have a legal obligation to keep your records, including your data. HMRC says seven years, and there is a six-year limitation on legal claims. So do not be too keen to delete data and find yourself in a mess elsewhere.
  7. Do not assume that because you are small it does not apply. It applies to all small businesses, even those that collect invoices and hand them to their accountant.
  8. GDPR covers all data held by a business and is not just about marketing. That is just where all the noise has come from.
  9. Fines and the standards required will be relative to the business. Small businesses, unless extremely bad, will just be guided to the proper course. Large companies with big budgets, who should know better, will be fined.
  10. The ICO is looking for an effort to comply in the initial stages. Do not worry if you are not perfect.

    It is not a cliff edge to fall off or climb.