Globalization Specialist for Korean Startups

Who and What is affected by GDPR?

Who needs to care about GDPR?

It’s recognised that small businesses have fewer resources, so there may be more leniency in relation to  non-compliance. You probably don’t need to employ a DPO but you still want to ensure you’re compliant with the principles of the GDPR. In fact Your business must comply if it’s involved in collecting, storing and using personal data. Being a small business doesn’t mean you can ignore GDPR. 

Even for the smallest of businesses responsible data handling should also be a basic good business practice. Data breaches make the headlines regularly and hackers are becoming ever more skilled, have you thought about how you’d explain a data breach to your customers? 

“I didn’t think I needed to bother”  probably won’t be a reasonable response.

     ANSWER: We all need to care about GDPR!     

What data does GDPR apply to?

Does your business hold customer lists and contact detail records or HR records? I guess so, almost every business does. For example, as a heating engineer, how do you know when to send your customer a boiler service reminder? Or even a christmas card? This is ‘personal data’ and it belongs to the ‘data subject’ (your customer) and this is what GDPR is all about.

Nearly everything you read about GDPR talks about ‘personal data’ and while this is nothing new, it has been given a more detailed definition.   

For example, GDPR clarifies that an IP address is counted as personal data. 

If you don’t know what an IP address is, if you are reading this you have one. An IP address is a unique series of numbers that identifies every device connected to the internet. Your phone, your laptop, your iPad and if you are an early adopter of IOT, maybe even your fridge. 
If you keep a spreadsheet of customer contact details, or an digital capture system, (think Photo’s of business cards etc) the GDPR will apply.

     ANSWER:  Anything that can be used to identify a person.    

Don’t for get to check out, my other GDPR posts here