The deadline for GDPR compliance falls in May this year, or so it would appear!
This may help you, as just about every small company (like ours) will be processing personal data electronically, which may mean you need to register with the ICO.
Today, the EU definition of “personal data” is set out in the Data Protection Directive 95/46/EC. It defines personal data as “any information relating to an identified or identifiable natural person”. This company certainly does process personal data, but do I actually need to register?
After some digging around I found this on the ICO website. It’s an interactive self-assessment questionnaire that guides you through the process of determining if you do have to register:
After that, there are seven other check-lists you may need to complete. More than one may apply – they are as follows:
- Data controllers
- Data processors
- Information security
- Direct marketing
- Records management
- Data sharing and subject access
Of course, you can still register voluntarily, but this will tell you if you need to. If you do, it means you’ll probably be committed to a lot more work in becoming compliant. If so, there is some more guidance: