Biggest data breach fine so far…

Today the ICO announced its intention to issue the biggest data breach fine so far (an announced intention, not yet a final penalty). Still think GDPR doesn't apply to you? Are you sure…?
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/ico-announces-intention-to-fine-british-airways/

British Airways is a company everyone has heard of, and yet here we are. In the light of today's news, are you sure your own business would stand up to the same scrutiny?

I get asked these GDPR questions a lot! Sound familiar?

I’m only a small company, a one-man band. How will this even affect me? I won’t get the biggest data breach fine.

The GDPR has no size threshold: if you process personal data, its obligations apply to you, even though enforcement is proportionate to the risk involved. You also need to be able to reassure your customers that you are treating their data with the respect it deserves. The Economist recently said that data is more valuable than oil, so it needs to be treated accordingly. Looking after it properly is sensible, and it shows that you care about your clients’ data.

Do I need to register with the ICO? It’s just me running the business.

If you are a data controller, that is, you decide how personal data is used and how it is protected, you will usually need to register with the ICO and pay the data protection fee, unless one of the exemptions applies. Registering is not the same as appointing a data protection officer (DPO); only certain organisations are required to have one. If you are in any doubt, the self-assessment on the ICO website will tell you whether you need to pay the fee.

https://ico.org.uk/for-organisations/data-protection-fee/self-assessment/

I left one company and took a list of my contacts with me. This is fine – they know me…

Absolutely not, unless you have established a lawful basis for contacting them, whether that is consent or legitimate interest. As it stands you have no basis at all to contact them. You could be regarded as a nuisance and could be reported if you don’t establish one.

I only have their name and address, that’s available online.

Yes, they may publish these details on their website or social media, but publicly available information is still personal data, and it’s up to you how you process it. Luckily the GDPR cannot look inside your head: it applies to personal data that is processed by automated means, or that forms, or is intended to form, part of a filing system.

Once you invoice them, they are part of your sales records, and those records are a filing system. You are processing their personal data.

I’m a contractor, working with different companies. I sign a non-disclosure agreement, so I only invoice the companies. Surely this law doesn’t apply to me?

You are producing invoices, so you hold names, addresses and contact details of the people you deal with. For those records you are a data controller, making the decisions about how the data is used, so yes, the GDPR applies. (For any personal data you handle on a client’s behalf under contract, you may instead be a data processor, which carries its own obligations.)

It’s personal data

So you may be a small company, a one man or woman band, but you must still look after the personal data you hold, be it client, supplier or employee data. Do look at what you have:

  • Where it goes
  • The legal reason for processing
  • How long you keep it for
  • How you protect it.

This is a huge GDPR wake-up call! Let’s get it done! If you don’t know where to start, do get in touch: we offer a free one-hour GDPR health check. Let’s avoid those GDPR fines!

Contact

http://trustedcompliancesolutions.co.uk/contact