All Businesses Are Covered by GDPR – No Exceptions
Many small business owners are not aware that they are affected by the GDPR and have not yet prepared. The obligations in the new EU General Data Protection Regulation (GDPR) apply directly to every organization in Ireland from May 25, 2018. All public, private and voluntary organizations of every size need to be familiar with the requirements around what information must be given to all individuals when their personal data is being collected, used and stored and with the rights individuals have in relation to controlling how their personal data is treated.
If you have staff you are a Data Controller
If you have staff then you are a Data Controller when dealing with your staff’s personal information and you need to be compliant with the GDPR. A survey carried out in the UK found that over a third of people will request their data from former employers. As you have only 30 days to respond with the information, you should know where that information is and what your responsibilities are.
The Accountability principle of the GDPR states explicitly that it is your responsibility to implement the GDPR.
So if you are an Accountant, Solicitor, Doctor, Dentist, Beautician, Gym, Spa, Hotel, Bar, Restaurant, Shop, Club, Organisation, Factory, Garage, Personal Coach or Voluntary body, then you need to make sure you comply.
Fines for Non-Compliance and Data Breaches
Fines run from €20 Million or 4% of global turnover (whichever is higher) for Non-Compliance to €10 Million or 2% of global turnover for a Data Breach.
Start preparing today as there are only a few weeks left to comply. It takes time to map your data inventory, and remember that both paper records and electronic records are covered under the GDPR.