GDPR Requirements

European data protection laws changed from 25 May 2018. These new laws affect all businesses in the UK and replaced the Data Protection Act (DPA) of 1998. Since technology and the internet have developed so rapidly since then, the DPA is now considered to be ineffective.

Now, the ease and sophistication of data collection means that thousands of SMEs collect personal details. Collecting these details also means storing, moving and accessing them online. Personal data is used in everything from marketing and sales to customer relationship management.

Cyber criminals are now much more common. In 2016, companies in the UK lost more than £1 billion to cyber crime. Major data breaches allow criminals to access names, birth dates, addresses, and even social security and pension information.

According to the Federation of Small Businesses (FSB), SMEs are now more likely to be targeted by cyber criminals than their large corporate counterparts. This is because cyber criminals consider SMEs to be softer targets with fewer precautions.

The GDPR is considered a necessity for the protection of data in a modern internet-based society.

What does the GDPR mean for SMEs?

Businesses must keep a detailed record of how and when an individual consents to the storing and use of their personal data. This means a positive agreement and cannot be inferred from a pre-ticked box. Customers or individuals have the right to withdraw consent. If an individual withdraws consent, the business must be permanently erase their data.

Businesses should review their existing data and delete any that they do not have a valid reason to hold. The GDPR sets out the legal basis for processing personal data, such as needing it to perform a business contract. Businesses should review what data they hold, whether they have consent, and if they need to keep it.

Personal data is a key tool for SMEs looking to target and retain customers. GDPR means it must be handled with the utmost care.

Download our GDPR checklist

We have produced a GDPR checklist detailing actions you should undertake to ensure compliance with the GDPR. This includes ensuring that you have a policy for compliance, secure data storage, and that you obtain the correct consent. For a copy of this checklist, please click here.

If you have any questions or would like further information please do not hesitate to get in touch.

Contact Cedar + Co.

Get in touch with Cedar + Co. to find out how we can help you to comply with the GDPR. Call us on 01332 292022, email us online or click the live chat in the bottom right corner.


By using this form you agree with the storage and handling of your data by this website.