Does the GDPR apply to small business? And should you care?
Put simply, it probably does! And yes, you absolutely should care!
The EU’s Privacy law (GDPR) has been in force since 25 May 2018, and applies to all businesses (irrespective of size) if any one of the following apply:
You only need to meet one of these requirements for GDPR to apply to your business.
And the business should care, or at least it should care, for a number of reasons. Firstly, customers prefer to deal with companies that respect their privacy and their data so without complying the business is likely to lose customers, and secondly, if the business does not comply the business is exposed to fines of up to €20m or 4% of global group turnover, whichever is the higher. Worse still, the EU privacy regulator could order the business to stop processing any EU personal data immediately.
If your business doesn't have a presence in the EU but does offer goods and services to individuals in the EU or monitors their behaviour then Art 27 of GDPR requires you to appoint a GDPR Representative in the EU. For additional information please read the article What is a GDPR Representative and when do I need one .
It is relatively easy to comply with both EU GDPR and UK GDPR representative requirements. By appointing and maintaining both an EU and a UK representative you will be compliant in both jurisdictions.
We are happy to act on your behalf, as your GDPR representative. Our monthly, flat-fee price is based on the size of your business.
Select your business size to appoint us as your GDPR representative in the EU & UK today.