11th April 2019

Following a series of questions from clients regarding whether the GDPR regulations apply to them, we have decided to write a short Blog to reconfirm a few of the rules which apply to businesses of ALL sizes from the moment they decide to be in business.

1) GDPR regulations apply from the start of your business, they are not something to be ‘working towards’ or that is ‘coming along’. They apply to you on your first day in business - IN FULL.

2) Processing data is the qualifying criteria. Processing data before registration with the ICO is a Criminal Offence. Processing data without being compliant in your business is a Criminal Offence.

3) The contact data information on a website is to promote and advertise the website owner’s business it is NOT there for other people to use to contact them to sell things to THEM!

4) As we have said many times before, when prosecuted by the ICO the offender’s details and the amount of the fine is posted on the ICO website for all to see. This ‘Naming and Shaming’ can be devastating to a small business. Almost everyday, the ICO updates their website with new offenders and anyone can access this information. We suggest that you:  DO NOT LET TOMORROW'S ENTRY INCLUDE YOU!

5) We all know that ignorance of the Law is no defence but when the situation has been made clear and people still choose to ignore it, the ICO take the view that prosecution is the best solution to ignorance as the offender will then remember for the future. The ICO seems to feel that as the GDPR is nearly 12 months old and the Data Protection regulations are 21 years old then people in business who claim to be ignorant of them are not deserving of any sympathy.

6) Finally, the latest tale of woe from the ‘Enforcement Action’ Section of the ICO website relates the tale of a Pensions company who sought advice from a Data Protection consultant, AND a Data Protection Solicitor prior to their latest round of electronically despatched sales messages but they STILL managed to send messages to prospects who had not given their permission. Consequently, they were presented with a fine of £40,000. The ICO said “a simple review of the customer journey would have exposed the issues apparent with the consents being relied upon.”

We will spare their blushes by not naming them in our Blog but you can see the details for yourself by clicking HERE. While reading it try and imagine that you are reading your own name and decide how you would feel about that!

Then consider taking some free advice using our telephone advisory service which costs nothing at all!

Call today on 0330 2233 506 to book your own FREE GDPR Legal advice conversation!