GDPR is just around the corner and it is time to get your head out of the sand if you are a sole trader or micro-business. In my recent piece – GDPR Checklist – for sole traders and Micro businesses, I summarised what I learned on the recent journey for RapidBI. In that journey, I thought I had covered 99% of the bases. But it seems I missed one KEY POINT. And this one is a big one! I have since added it, but as many won’t read the whole piece, I thought it worth a short piece of its own: ICO registration.
Fines for GDPR
The potential penalties for data breaches are €10 million or two percent of a firm’s global turnover. Now for a sole trader with a turnover of <£100k, that means worst case you will be fined £2000. That seems small fry. BUT what about the legal costs? What about reputation? Will your business be trusted again?
For small businesses, this is not about the fines, but about the ability to function/trade after a case.
ICO: do I need to register my organisation?
Do I need to register my organisation with the ICO for data protection and GDPR? Pre-GDPR, except for a few very specialised cases, there was no need for micro-businesses or sole traders to register with the ICO. This has now all changed. Like many people reading this, I run a very small business; I call it a boutique consulting service. The data I hold is very limited. We do not even send regular marketing email newsletters, and we rely on this site and social media for most of our marketing.
For micro-businesses, the fee is £40 per year (£35 if paid by direct debit). ICO registration is for all of us involved in:
- Advertising or marketing activity
Etc., unless we are a not-for-profit!
So, ICO registration for sole traders and micro-businesses under GDPR?
YES, we as small businesses need to register!
It seems that if we are doing any of the activity mentioned above, we do need to register. See these links for reference:
https://ico.org.uk/media/for-organisations/documents/2258205/dp-fee-guide-for-controllers-20180221.pdf – similar to above but PDF version with more info.
There are exemptions, but alas, for us these are not valid under the new rules! So the ICO fee has become a tax on small business!
The only exemption I can see is if we work as a “not-for-profit”, which for many may be true in reality, but alas the intention is to make a profit!
ICO registration is but one step
Have a look at my checklist page. It contains most of what you need once you have registered. Focus on the principles, only use data for the purpose for which it was gathered, and of course, KEEP IT SECURE!
GDPR: get your head out of the sand and register with the ICO
Read the checklist and make sure you have done all the other steps necessary – GDPR Checklist – for sole traders and Micro businesses.
Please add your comments below. What steps have you taken as a small business to protect yourself?