As a GDPR Practitioner I help small companies and sole traders look after their information. The question I get asked the most is what actually personal data? Let’s go back to basics.
GDPR has been with us for nearly 18 months and businesses are still unsure if it applies to them. If you invoice and provide goods or services, then you will be processing personal data.
GDPR defines this as data that can identify you as a natural living person. Not a company, but a living individual.
Let’s do a quiz, are these personal data?
- Trade union membership
- My inside leg measurement
- Dietary requirements
Yes absolutely – they identify me as a natural living person.
How about these?
- Job title
- Personality traits
- My choice on the menu
- The town where I work
No, though important or commercially sensitive, this is not personal data.
If you are using this data set then you will need to comply with the GDPR. You’ll need to look after the data that you are processing. So by emailing a quotation, sending out a newsletter and chasing for payment. You are processing personal information.
You can and need to use this data in order to do business with your customers, or order from your suppliers. Looking after this data and the legal reason you have for processing it is very important. Allowing you to incorporate data by design into your business. Sending a customer a quotation on their request is legitimate interest and delivering to them will be contractual obligation. Both of these are valid reasons for processing data. Other reasons could be consent for a newsletter and vital interest would apply if you were at a hospital and required treatment.
If you need help or advice with your data protection journey then please get in touch: https://trustedcompliancesolutions.co.uk/contact