Running a business isn’t easy. As business owners, we are always thinking about using the best supplies, how to gain new customers, how to keep existing customers happy, keeping up to date with new technologies, and generally remaining profitable.

So where should your focus be for the start of 2018?

One item at the top of your list should be GDPR and the effect it will have on your business. While every aspect of your business is important, if you don’t comply with the GDPR you could be hit with large fines. Also, if your business hasn’t been organised in the past with the data you collected, it may take some time to get it all together and implement a plan.

At SFB Consulting Group we have been talking with business owners, and here is a list of the most popular questions currently being asked around GDPR:

What is GDPR?

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

In plain English, the GDPR gives individuals in the EU control over their own data—what’s collected, how it’s used, how long it’s kept, and much more.


When is the GDPR deadline?

The deadline for compliance is 25 May 2018.

I’m only a small business, does GDPR apply to me?

Yes, GDPR affects all businesses, regardless of size, that collect data from individuals in the EU. The extent to which the GDPR affects your business depends on the kind of data you collect, how much of it you collect, and what you do with it.


Are we still allowed to collect data?

Yes! As a business you need to be able to collect employees’ home addresses, customers’ data, and payment information. However, under the GDPR there will be guidelines as to what data you can collect, how long you can retain it, what you can do with it, how you must protect it, and individuals’ rights where it concerns their personal information.

Do I need a privacy policy?

Yes. Your policy needs to ensure everyone in your business is GDPR compliant when it comes to collecting and handling data. The information within the policy should explain the following:

  • What information you collect.
  • How you use the data.
  • How it’s within your rights to use the data for the purposes you stated.
  • How long you retain the data.
  • The fact that people have a right to complain to the Information Commissioner’s Office if they think you’re misusing their personal information.

What happens if we experience a data breach?

If the data breach might pose a risk to individuals’ rights or freedoms, you need to let the ICO know within 72 hours, and also tell the individuals whose data was compromised.

We are here to help.

At SFB Consulting Group, our team, along with our specialist GDPR solicitors, will work with you to understand your operations and work to ensure you become GDPR compliant before 28th May 2018.

2018 will represent an interesting time for businesses to adjust to the new legislative climate. The road towards compliance will be met with a few bumps along the way as businesses grasp what GDPR means for them, and await more guidance from the Article 29 Working Party.