Your customers and employees need to be able to trust you with their personal information or, as the law calls it, their personal data.
Data protection law
The law on data protection says what you should do when you collect, use, store or do anything else with people’s personal data. So you need to check whether data protection law applies to your business. You can do this by taking the self-assessment below.
Why is data protection important?
Your customers, employees and other individuals need to be able to trust you to look after and use their personal data properly and safely. Knowing they can trust you is good for your business.
Complying with the rules is also legally required.
Does the law apply to my business?
Why can’t the ICO just tell me exactly what I need to do?
That would be good but there are millions of small businesses in the UK, in many different sectors. They collect different types of personal data from a wide variety of customers, staff and other individuals for many different reasons in many different ways. So it’s impossible for the ICO to produce a to-do list that would be right for every small business.
But you know your business better than anyone else. So, by making use of our resources and advice, you should be able to work out how to comply with the new law.
If your sector has a professional association or trade body you should look at what information they’re producing about the new law.
OK, so how can I comply with the law?
The ICO has a range of resources and support you can use to make sure you are complying with the law.
- FAQs for small businesses
- A Guide to the GDPR
- A small business advice line and live chat service
- GDPR myth busting blogs
- Lawful basis interactive tool