Data Protection FAQ: Is Your Small Business Compliant?
When you start a business, there can be a whole world of things that you need to start thinking about. For starters, if you have employees and start to get customers, you have to make sure that you are complying with certain data protection laws. But the words ‘data protection’ can strike fear into many small business owners, especially after the recent GDPR guidelines in Europe. No matter where you are in the world, if you have European customers, then you have to comply. But is it all just hard-to-understand legislation?
It is important to remember that as a small business owner, data protection does apply to you. It applies to basically every business, including sole traders. Any information you hold, from card numbers and names to photos and addresses, has to be kept secure. And not to scaremonger, but it can land you in trouble if you don’t comply, perhaps needing the legal assistance of a firm like McKinney, Tucker & Lemel LLC. Failure to comply can lead to large fines and even imprisonment. So it is something that, as a small business owner, you need to take seriously.
Here are some frequently asked questions around data protection, to help you know what you should be doing as a business, what you must be doing as a business, and what isn’t strictly necessary.
What Businesses Does Data Protection Apply To?
The act around data protection was introduced to keep people’s details safe. As more and more businesses have gone online, more and more information is vulnerable in a way that it wasn’t twenty years ago, for example. So if you have information or data about customers or employees, then it needs to be kept safe. There is a caveat around this, though: it is about data that is online. So if you don’t have a website or don’t deal online, then the rules on how you should be storing your data aren’t the same (plus, if you’re not online, you’re unlikely to have any data from customers to store).
If you have data from friends and family to get in touch with them or send them a card for the holidays, then you don’t need to register. When information is for personal or private use, then it is completely different and you don’t need to comply with the guidelines. However, if you use that information to sign people up to your digital newsletter, then the use goes from private to business, and the data protection laws would then start to apply in that context.
What If Someone Wants To See The Information?
Because you hold information on someone, they can, and might, ask to see what information you hold on them. This is known as a subject access request, and anyone can make one (even you, to another business that has your information, for example). You usually have forty days to respond to a request like this, and you need to show the details that you do hold (such as card numbers, names, and addresses).