24 April 2024
Small business owners and sole traders report
Your overall rating was green.
- 6: Yes
- 0: No
- 3: In part
AMBER: partially in place
Do you have a way for people to exercise their rights regarding the personal data you hold about them?
Suggested actions:
You should:
- ensure that all staff are aware of these rights
- train your staff about what requests might come in from individuals and what to do if this happens, and
- make sure you could act on the requests. For example, make sure your computer programs allow you to delete or amend information.
If you receive a request, you should respond within one month.
Further reading
If you would like more detailed information on this part of the Checklist, please visit the links below:
Guide to the UK GDPR – The right to be informed
Guide to the UK GDPR – The right of access
Guide to the UK GDPR – The right to rectification
Guide to the UK GDPR – The right to erasure
Guide to the UK GDPR – The right to restrict processing
Guide to the UK GDPR – The right to data portability
Guide to the UK GDPR – The right to object
Guide to the UK GDPR – Rights in relation to automated decision making and profiling
Do you and your staff (if you have any) know your data protection responsibilities?
Suggested actions:
You should:
- train all your staff handling personal data on their data protection responsibilities
- use awareness to keep reminding your staff about keeping data safe and secure (ICO resources are available), and
- make sure your staff know what to do if you have a breach or if something goes wrong.
Further reading
If you would like more detailed information on this part of the Checklist, please visit the links below:
Guide to the UK GDPR – Data protection officers
Do you know if you are obliged to pay a data protection fee?
Every business that processes personal information is required to pay a data protection fee to the ICO, unless they’re exempt. Not paying when you should may result in a fine of up to £4,000.
If you hold and process personal information (including names and addresses) on any electronic device, you may need to pay.
You can find out more here:
GREEN: in place
Do you have a record of what personal data you hold? Do you know what you use it for?
Do people know you have their personal data and understand how you use it?
Do you only collect the personal data you need?
Do you only keep personal data for as long as it is needed?
Do you keep personal data accurate and up to date?
Do you keep personal data secure?
Thank you for using the small business owners and sole traders checklist. Let us know what you think by completing our short survey.
If you have a problem downloading the report into a Word document, please let us know.