The Information Commissioner's Office (the ICO) recently launched a dedicated advice line to assist small businesses in their preparations for the introduction of GDPR in May 2018. Last week they released information on the most frequently asked questions that their advisers receive on the GDPR helpline.
This list includes the following questions and answers:
"Q: My firm employs fewer than 250 people. Am I exempt from the GDPR?
A: You’ll have to comply with the GDPR regardless of your size, if you process personal data. Size is a factor in a range of areas including the requirement to maintain records of processing.
Q: Do I always need consent?
A: In short, no. Consent is one lawful basis for processing, but there are five others. Consent won’t always be the easiest or most appropriate.
Q: What information does the GDPR apply to?
A: The GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
Q: What is large-scale processing?
A: The GDPR does not define what constitutes large-scale processing. However, processing may be on a large scale where it involves a wide range or large volume of personal data, where it takes place over a large geographical area, where a large number of people are affected, or it is extensive or has long-lasting effects. In many cases it is unlikely that small organisations will be processing on a large scale processing."
You can access the ICO FAQ page with GDPR information by clicking on this page.
You're on our blog and updates site, which is hosted by elXtr, a digital legal hub powered by the award-winning lawyers at LHS Solicitors LLP, bringing you real law, made easy.
Find out more about elXtr here.
What is the GDPR? The General Data Protection Regulation is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data. It comes into effect on 25 May 2018.