According to every statistic I’ve read, there is still a huge chunk of business owners who have not even read the GDPR yet, let alone done anything about it. To be clear: no matter the size of your business, you have to comply.
For example, Core Concept Security Ltd. (my company) is very small, but even I have to pay a ‘Data Protection Fee’ and sort out my contracts and privacy notices. What I DON’T have to do is:
- Designate a data protection officer (DPO) – Article 37, because I meet none of the criteria in 37(1)(a-c); or
- Produce a ‘record of processing’ – Article 30, because my company has fewer than 250 employees and I do not meet any of the 30(5) criteria.
I know all of this because I HAVE read the GDPR, I HAVE sorted out my contracts and privacy notices, and I HAVE paid my data protection fee. There is no excuse I have heard to date for EVERY other small business not to do the same.
Follow these steps, and you’ll have done the most important thing imaginable; something: