The ICO exists to empower you through information.

24 April 2024

Overall rating

Your overall rating was green.

  • 6: Yes
  • 0: No
  • 3: In part

AMBER: partially in place

Do you have a way for people to exercise their rights regarding the personal data you hold about them?

 

Suggested actions:

You should:

  • ensure that all staff are aware of these rights
  • train your staff about what requests might come in from individuals and what to do if this happens, and
  • make sure you could act on the requests. For example, make sure your computer programs allow you to delete or amend information.

If you receive a request, you should respond within one month.

Further reading

If you would like more detailed information on this part of the Checklist, please visit the links below:

Your Data Matters

Guide to the UK GDPR – The right to be informed

Guide to the UK GDPR – The right of access

Guide to the UK GDPR – The right to rectification

Guide to the UK GDPR – The right to erasure

Guide to the UK GDPR – The right to restrict processing

Guide to the UK GDPR – The right to data portability

Guide to the UK GDPR – The right to object

Guide to the UK GDPR – Rights in relation to automated decision making and profiling

Do you and your staff (if you have any) know your data protection responsibilities?

 

Suggested actions:

You should:

  • train all your staff handling personal data on their data protection responsibilities
  • use awareness to keep reminding your staff about keeping data safe and secure (ICO resources are available), and
  • make sure your staff know what to do if you have a breach or if something goes wrong.

Further reading

If you would like more detailed information on this part of the Checklist, please visit the links below:

Guide to the UK GDPR – Data protection officers

Guide to the UK GDPR – Accountability

Personal data breach guidance

Guide to the UK GDPR – Security

Do you know if you are obliged to pay a data protection fee?


Every business that processes personal information is required to pay a data protection fee to the ICO, unless they’re exempt. Not paying when you should may result in a fine of up to £4,000.

If you hold and process personal information (including names and addresses) on any electronic device, you may need to pay.

You can find out more here:

GREEN: in place

 

Do you have a record of what personal data you hold? Do you know what you use it for?

Do people know you have their personal data and understand how you use it?

Do you only collect the personal data you need?

Do you only keep personal data for as long as it is needed?

Do you keep personal data accurate and up to date?

Do you keep personal data secure?

 

Thank you for using the small business owners and sole traders checklist. Let us know what you think by completing our short survey.

If you have a problem downloading the report into a Word document, please let us know.