The GDPR legislation at 57,500 words long is not the easiest of things to get your head around if your business processes personal data (for which the majority do). But one of the smallest steps in GDPR compliance that so many forget to do, can land you a £400 or £600 fine, going up to £4350.
This small step is nothing more than to pay the annual £40 or £60 data protection fee, which is required by law to the data protection authority, which in the UK is the Information Commissioner’s Office or ICO. If you are lucky enough to warrant an annual fee of £2900 then it means you have more than 250 members staff and a turnover of over £36 million. If you receive a warning letter and ignore it, you could be fined. If you haven’t paid the fee and suffer a data breach and it gets reported to the ICO, that’s an additional headache you can do without.
The same applies if you forget to renew, so it is worth registering with an email address that will go to multiple people. You can make the whole process a lot easier and save yourself £5 off the fee with a direct debit. It’s best to check you are not exempt or confirm which is the correct tier of the three by using the fee assessment tool at: ico.org.uk/fee-self-assessment
Once you have registered, then the ongoing work begins to meet the GDPR legislation requirements. If you don’t know where to start, don’t worry, you are not alone. A fair amount can be distilled down to a series of straightforward business questions that needs to be documented about your data when it comes to personal information. What do you hold, Who do you have data on, Why do you have it, Where is it stored, When did you get it, How did you get it, etc. You may even find that meeting the GDPR requirements give you a good excuse to redefine elements of your business that have been that way for years, but no one quite remembers why.
For more GDPR resources see: www.booleanlogical.com/gdpr