{"id":175364,"date":"2022-08-29T02:45:49","date_gmt":"2022-08-29T01:45:49","guid":{"rendered":"https:\/\/legalvision.co.uk\/?p=175364"},"modified":"2022-09-06T06:28:06","modified_gmt":"2022-09-06T05:28:06","slug":"gdpr-compliance-small-business","status":"publish","type":"post","link":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/","title":{"rendered":"Why Does My Small Business in England Need to Worry About GDPR Compliance?"},"content":{"rendered":"\n<p>As a small business owner, you must be aware of the General Data Protection Regulation (GDPR). This impacts all businesses in England, both small and large. Furthermore, any breach of the GDPR by your organisation can result in a fine from the Information Commissioner\u2019s Office (ICO). The ICO enforces GDPR compliance and provides businesses with information on how to do so. <\/p>\n\n\n\n<p>This article will explain why your small business needs to comply with GDPR rules and why a serious breach of data protection provisions can cause problems for your company.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What Does the GDPR Require My Business to Do?<\/h2>\n\n\n\n<p>The most important <a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/\">data protection principles<\/a> put in place by the GDPR include:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>collecting and processing personal information transparently and legally;<\/li><li>your business limiting its use of <a href=\"https:\/\/legalvision.co.uk\/regulatory-compliance\/sensitive-data-information\/\">personal data<\/a> to situations where there is a specific and lawful purpose;<\/li><li>referring your organisation to the ICO within 72 hours of any serious personal data breach;\u00a0<\/li><li>providing quick and convenient access to data following receipt of a subject access request (SAR);<\/li><li>ensuring your business meets specific requirements when moving personal data outside of the UK; and<\/li><li>importantly, not collecting more personal data than is truly necessary.<\/li><\/ul>\n\n\n\n<p>These duties are so important that the Government set up the ICO to investigate potential breaches and <a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/biggest-fines-ico\/\">fine companies up to \u00a317.5m<\/a> for non-compliance with GDPR rules. Thus, the ICO act as a referee with the ability to cause severe financial and reputational damage to your organisation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why Should My Company Be Aware of the ICO?<\/h2>\n\n\n\n<p>In the past, the ICO has issued hefty fines on companies in England.<\/p>\n\n\n\n<div  class=\"box box--icon box--info\">\n    <p>For example, Ticketmaster received a \u00a31.25m fine for failing to use appropriate security on its online payment page. This security failure resulted in hackers obtaining financial details (including credit card information) belonging to around 1.5 million people.<\/p>\n<\/div>\n\n\n\n<p>In this case, the ICO\u2019s Deputy Commissioner hoped the fine would <em>\u2018send a message to other organisations that looking after their customers\u2019 personal details safely should be at the top of their agenda\u2019.&nbsp;&nbsp;<\/em><\/p>\n\n\n\n<p>If your business commits a serious breach of the GDPR that puts the information of customers or staff at risk, it can expect a financial penalty. Additionally, the ICO publishes its findings online (many of which are reported within the media). Therefore, non-compliant businesses should also be aware of the risk to their reputation.&nbsp;<\/p>\n\n\n\n\n<a href=\"#content-next\"\n   class=\"block p-4 mt-10 text-xl font-bold text-center text-white no-underline bg-gray-800 rounded-t-xl\">\n    Continue reading this article below the form\n    <i class=\"text-xl fa-regular fa-arrow-down\"><\/i>\n<\/a>\n<div class=\"px-6 pt-10 pb-12 mb-10 text-center bg-gray-100 rounded-b-xl sm:px-12 test\">\n    <div class=\"mb-8 text-2xl font-bold text-orange\">\n        Need legal advice?\n        <br>\n        <span class=\"text-lg not-prose\">\n                            Call <a href=\"tel:+448081968584\" class=\"not-prose\">0808 196 8584<\/a> for urgent assistance.\n                <br>\n                Otherwise, complete this form, and we will contact you within one business day.\n                    <\/span>\n    <\/div>\n\n    \n\n<div class=\"not-prose flex justify-center text-left gform_input_bg_white    \">\n    <script>\nvar gform;gform||(document.addEventListener(\"gform_main_scripts_loaded\",function(){gform.scriptsLoaded=!0}),document.addEventListener(\"gform\/theme\/scripts_loaded\",function(){gform.themeScriptsLoaded=!0}),window.addEventListener(\"DOMContentLoaded\",function(){gform.domLoaded=!0}),gform={domLoaded:!1,scriptsLoaded:!1,themeScriptsLoaded:!1,isFormEditor:()=>\"function\"==typeof InitializeEditor,callIfLoaded:function(o){return!(!gform.domLoaded||!gform.scriptsLoaded||!gform.themeScriptsLoaded&&!gform.isFormEditor()||(gform.isFormEditor()&&console.warn(\"The use of gform.initializeOnLoaded() is deprecated in the form editor context and will be removed in Gravity Forms 3.1.\"),o(),0))},initializeOnLoaded:function(o){gform.callIfLoaded(o)||(document.addEventListener(\"gform_main_scripts_loaded\",()=>{gform.scriptsLoaded=!0,gform.callIfLoaded(o)}),document.addEventListener(\"gform\/theme\/scripts_loaded\",()=>{gform.themeScriptsLoaded=!0,gform.callIfLoaded(o)}),window.addEventListener(\"DOMContentLoaded\",()=>{gform.domLoaded=!0,gform.callIfLoaded(o)}))},hooks:{action:{},filter:{}},addAction:function(o,r,e,t){gform.addHook(\"action\",o,r,e,t)},addFilter:function(o,r,e,t){gform.addHook(\"filter\",o,r,e,t)},doAction:function(o){gform.doHook(\"action\",o,arguments)},applyFilters:function(o){return gform.doHook(\"filter\",o,arguments)},removeAction:function(o,r){gform.removeHook(\"action\",o,r)},removeFilter:function(o,r,e){gform.removeHook(\"filter\",o,r,e)},addHook:function(o,r,e,t,n){null==gform.hooks[o][r]&&(gform.hooks[o][r]=[]);var d=gform.hooks[o][r];null==n&&(n=r+\"_\"+d.length),gform.hooks[o][r].push({tag:n,callable:e,priority:t=null==t?10:t})},doHook:function(r,o,e){var t;if(e=Array.prototype.slice.call(e,1),null!=gform.hooks[r][o]&&((o=gform.hooks[r][o]).sort(function(o,r){return o.priority-r.priority}),o.forEach(function(o){\"function\"!=typeof(t=o.callable)&&(t=window[t]),\"action\"==r?t.apply(null,e):e[0]=t.apply(null,e)})),\"filter\"==r)return e[0]},removeHook:function(o,r,t,n){var e;null!=gform.hooks[o][r]&&(e=(e=gform.hooks[o][r]).filter(function(o,r,e){return!!(null!=n&&n!=o.tag||null!=t&&t!=o.priority)}),gform.hooks[o][r]=e)}});\n<\/script>\n\n                <div class='gf_browser_gecko gform_wrapper gravity-theme gform-theme--no-framework lawyer-form_wrapper gplaceholder_wrapper form-with-labels-no-asterisks_wrapper has-new-validation-error-styling_wrapper' data-form-theme='gravity-theme' data-form-index='0' id='gform_wrapper_2453' style='display:none'><div id='gf_2453' class='gform_anchor' tabindex='-1'><\/div><form method='post' enctype='multipart\/form-data' target='gform_ajax_frame_2453' id='gform_2453' class='lawyer-form gplaceholder form-with-labels-no-asterisks has-new-validation-error-styling' action='\/api\/wp\/v2\/posts\/175364#gf_2453' data-formid='2453' novalidate>\n                        <div class='gform-body gform_body'><div id='gform_fields_2453' class='gform_fields top_label form_sublabel_below description_below validation_below'><div id=\"field_2453_1000\" class=\"gfield gfield--type-honeypot gform_validation_container field_sublabel_below gfield--has-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1000'>Instagram<\/label><div class='ginput_container'><input name='input_1000' id='input_2453_1000' type='text' value='' autocomplete='new-password'\/><\/div><div class='gfield_description' id='gfield_description_2453_1000'>This field is for validation purposes and should be left unchanged.<\/div><\/div><div id=\"field_2453_1\" class=\"gfield gfield--type-text gfield--input-type-text gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1'>First Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_1' id='input_2453_1' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_12\" class=\"gfield gfield--type-text gfield--input-type-text gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_12'>Last Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_12' id='input_2453_12' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_2\" class=\"gfield gfield--type-email gfield--input-type-email gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_2'>Email Address<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_email'>\n                            <input name='input_2' id='input_2453_2' type='email' value='' class='medium'    aria-required=\"true\" aria-invalid=\"false\"  \/>\n                        <\/div><\/div><div id=\"field_2453_3\" class=\"gfield gfield--type-phone gfield--input-type-phone gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_3'>Phone<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_phone'><input name='input_3' id='input_2453_3' type='tel' value='' class='medium'   aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_14\" class=\"gfield gfield--type-select gfield--input-type-select gfield--width-full custom-select gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_14'>Number of Employees in Your Business<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_select'><select name='input_14' id='input_2453_14' class='large gfield_select'    aria-required=\"true\" aria-invalid=\"false\" ><option value='' selected='selected'>Select ...<\/option><option value='0' >0<\/option><option value='1' >1-5<\/option><option value='6' >6-20<\/option><option value='21' >21-50<\/option><option value='51' >51-250<\/option><option value='250' >250+<\/option><\/select><\/div><\/div><div id=\"field_2453_4\" class=\"gfield gfield--type-textarea gfield--input-type-textarea gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_4'>Tell us about your enquiry<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_textarea'><textarea name='input_4' id='input_2453_4' class='textarea medium'     aria-required=\"true\" aria-invalid=\"false\"   rows='10' cols='50'><\/textarea><\/div><\/div><div id=\"field_2453_5\" class=\"gfield gfield--type-html gfield--input-type-html gfield_html gfield_html_formatted gfield_no_follows_desc field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  >By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. View our <a href=\"https:\/\/legalvision.co.uk\/privacy-notice\/\" target=\"_blank\">Privacy Policy<\/a>. <\/div><div id=\"field_2453_8\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_8' id='input_2453_8' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='http:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/175364' \/><\/div><\/div><div id=\"field_2453_13\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_13' id='input_2453_13' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='generic_form' \/><\/div><\/div><fieldset id=\"field_2453_999\" class=\"gfield gfield--type-checkbox gfield--type-choice gfield__uk-marketo-opt-in field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><legend class='gfield_label gform-field-label screen-reader-text' ><\/legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox ' id='input_2453_999'><div class='gchoice gchoice_2453_999_1'>\n\t\t\t\t\t\t\t\t<input class='gfield-choice-input' name='input_999.1' type='checkbox'  value='1'  id='choice_2453_999_1'   \/>\n\t\t\t\t\t\t\t\t<label for='choice_2453_999_1' id='label_2453_999_1' class='gform-field-label gform-field-label--type-inline'>By submitting this form, you agree to receive content and event invitations from us to help you grow your business. If you do not want to receive such messages, tick here.<\/label>\n\t\t\t\t\t\t\t<\/div><\/div><\/div><\/fieldset><\/div><\/div>\n        <div class='gform-footer gform_footer top_label'> <button type=\"submit\" id=\"gform_submit_button_2453\" class=\"gform_button button\" onclick=\"gform.submission.handleButtonClick(this);\" data-submission-type=\"submit\"><span class=\"gform_submit_button__text\">Submit Now<\/span><\/button> <input type='hidden' name='gform_ajax' value='form_id=2453&amp;title=&amp;description=&amp;tabindex=0&amp;theme=gravity-theme&amp;hash=ec2463697d0d9cef7b71236ae60964c7' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submission_method' data-js='gform_submission_method_2453' value='iframe' \/>\n            <input type='hidden' class='gform_hidden' name='gform_theme' data-js='gform_theme_2453' id='gform_theme_2453' value='gravity-theme' \/>\n            <input type='hidden' class='gform_hidden' name='gform_style_settings' data-js='gform_style_settings_2453' id='gform_style_settings_2453' value='' \/>\n            <input type='hidden' class='gform_hidden' name='is_submit_2453' value='1' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submit' value='2453' \/>\n            \n            <input type='hidden' class='gform_hidden' name='gform_currency' data-currency='GBP' value='MaUK8ukNhZWcjwimAT8i3AxEZH1plOfSC1BKSfZh8JZbWMFs9eeCCk31TY7mlz7sNFYHlByXkZzi1THYB4kqvmvb2lqf9mJMZJSPV4SUL9fofek=' \/>\n            <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' \/>\n            <input type='hidden' class='gform_hidden' name='state_2453' value='WyJ7XCIxNFwiOltcIjIyODY0N2ViMWU3NTcxZjA4YTY4NGJmMDcwMTk3Y2I0XCIsXCJiMzk3YmQ1MDBmMmFjNjk1ODE4MzdmNTBhYTA2MzQ0OFwiLFwiNGYyNGZkZGEwMzlkNDUxMWFhZGE1NGYwZmQwZmNiZTdcIixcIjUyMmJkMDE2M2I2ZmEwOTI3NDZhZjU5YTg0ZmM1NDk5XCIsXCIzODRlNjk1YjQxMTAzMWFiYmQ2ODEyMGYyZWFhMDYyNlwiLFwiYjkzNDcwNTE2MjkxOGRjZWViMjQzNzRjNmE0NGVmNTlcIixcIjQxMTliODZhMzVjYzJiMWViNDZiMmQ4NjRlNGUzZmNjXCJdfSIsIjQ3MjNiMzA2ZDIyZGVkODA2N2YyMjYyOThkYzI1ODVmIl0=' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_target_page_number_2453' id='gform_target_page_number_2453' value='0' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_source_page_number_2453' id='gform_source_page_number_2453' value='1' \/>\n            <input type='hidden' name='gform_field_values' value='' \/>\n            \n        <\/div>\n                        <\/form>\n                        <\/div>\n\t\t                <iframe style='display:none;width:0px;height:0px;' src='about:blank' name='gform_ajax_frame_2453' id='gform_ajax_frame_2453' title='This iframe contains the logic required to handle Ajax powered Gravity Forms.'><\/iframe>\n\t\t                <script>\ngform.initializeOnLoaded( function() {gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery('#gform_ajax_frame_2453').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_2453');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_2453').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){form_content.find('form').css('opacity', 0);jQuery('#gform_wrapper_2453').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_2453').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_2453').removeClass('gform_validation_error');}setTimeout( function() { \/* delay the scroll by 50 milliseconds to fix a bug in chrome *\/ jQuery(document).scrollTop(jQuery('#gform_wrapper_2453').offset().top - mt); }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_2453').val();gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery(document).trigger('gform_page_loaded', [2453, current_page]);window['gf_submitting_2453'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}jQuery('#gform_wrapper_2453').replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery('#gf_2453').offset().top - mt);jQuery(document).trigger('gform_confirmation_loaded', [2453]);window['gf_submitting_2453'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_2453').text());}else{jQuery('#gform_2453').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger(\"gform_pre_post_render\", [{ formId: \"2453\", currentPage: \"current_page\", abort: function() { this.preventDefault(); } }]);        if (event && event.defaultPrevented) {                return;        }        const gformWrapperDiv = document.getElementById( \"gform_wrapper_2453\" );        if ( gformWrapperDiv ) {            const visibilitySpan = document.createElement( \"span\" );            visibilitySpan.id = \"gform_visibility_test_2453\";            gformWrapperDiv.insertAdjacentElement( \"afterend\", visibilitySpan );        }        const visibilityTestDiv = document.getElementById( \"gform_visibility_test_2453\" );        let postRenderFired = false;        function triggerPostRender() {            if ( postRenderFired ) {                return;            }            postRenderFired = true;            gform.core.triggerPostRenderEvents( 2453, current_page );            if ( visibilityTestDiv ) {                visibilityTestDiv.parentNode.removeChild( visibilityTestDiv );            }        }        function debounce( func, wait, immediate ) {            var timeout;            return function() {                var context = this, args = arguments;                var later = function() {                    timeout = null;                    if ( !immediate ) func.apply( context, args );                };                var callNow = immediate && !timeout;                clearTimeout( timeout );                timeout = setTimeout( later, wait );                if ( callNow ) func.apply( context, args );            };        }        const debouncedTriggerPostRender = debounce( function() {            triggerPostRender();        }, 200 );        if ( visibilityTestDiv && visibilityTestDiv.offsetParent === null ) {            const observer = new MutationObserver( ( mutations ) => {                mutations.forEach( ( mutation ) => {                    if ( mutation.type === 'attributes' && visibilityTestDiv.offsetParent !== null ) {                        debouncedTriggerPostRender();                        observer.disconnect();                    }                });            });            observer.observe( document.body, {                attributes: true,                childList: false,                subtree: true,                attributeFilter: [ 'style', 'class' ],            });        } else {            triggerPostRender();        }    } );} );\n<\/script>\n<\/div>\n<\/div>\n<div id=\"content-next\"><!-- scroll anchor --><\/div>\n<h2 class=\"wp-block-heading\">Will the ICO Account for the Small Size of My Business?<\/h2>\n\n\n\n<p>The ICO will consider your company&#8217;s size when assessing any breach of GDPR rules to a limited extent. However, this is generally because smaller businesses tend to handle lesser amounts of personal data. Therefore, any breach usually affects fewer people. Excepting this, the ICO expects small businesses to apply the same effort in complying with GDPR rules as large companies.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Avoid GDPR Compliance Issues<\/h2>\n\n\n\n<p>The simplest way your business can avoid compliance issues is through complying with the GDPR. However, the GDPR is complex and lengthy, and compliance can be difficult to manage for many businesses. Some preliminary steps to limit the chance of GDPR breach include:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>investing in robust anti-virus software and installing all updates promptly;<\/li><li>using strong passwords and two-factor authentication to access essential accounts;<\/li><li>putting policies in place that promote good data protection and subject access request handling;<\/li><li>providing a transparent and detailed privacy policy on your website; and<\/li><li>ensuring that your business carries out data audits and deletes out-of-date or irrelevant information.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Key Takeaways<\/h2>\n\n\n\n<p>It is more important than ever that small businesses in England follow data protection laws. Non-compliant businesses will be fined by the ICO. However, your company can comply with the fundamental principles of the GDPR by reviewing the guidance documents on the ICO website.<\/p>\n\n\n\n<p>If you need help ensuring your small business complies with the GDPR, our experienced <a href=\"https:\/\/legalvision.co.uk\/it-lawyers-lp\/\">Data, Privacy and IT lawyers<\/a> can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on <a href=\"tel:+448081968584\" class=\"AVANSERnumber dynamic-number\">0808 196 8584<\/a> or visit our <a href=\"https:\/\/legalvision.co.uk\/membership\/\">membership page<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Frequently Asked Questions<\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1661737027205\"><strong class=\"schema-faq-question\"><strong>What should my company do upon receipt of a subject access request (SAR)?<\/strong><\/strong> <p class=\"schema-faq-answer\">Your first step should be to acknowledge receipt of the SAR and request any additional information needed. After this, you should conduct the relevant search and provide the documents to the individual within the appropriate time limit.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1661737036913\"><strong class=\"schema-faq-question\"><strong>Why does my business have to refer itself to the ICO for data breaches?<\/strong><\/strong> <p class=\"schema-faq-answer\">The requirement is in place to ensure that data breaches are acted upon by the ICO (to deter businesses from taking data protection rules lightly). Failure to self-refer within 72 hours of a personal data breach is a GDPR failure and likely to incur a financial penalty from the ICO.<\/p> <\/div> <\/div>\n<div class=\"not-prose m-feedback-prompt\">\n    <!-- Thumbs up\/down bar -->\n    <div class=\"m-feedback-prompt__main\">\n        <div class=\"m-feedback-prompt__title\">Was this article helpful?<\/div>\n        <div>\n            <!--span class=\"m-feedback-prompt__button--text\">Thanks!<\/span-->\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--yes\"\n                    data-analytics-link=\"feedback-prompt:yes\" aria-label=\"Agree\">\n                <i class=\"fa-regular fa-thumbs-up fa-3x\"><\/i>\n            <\/button>\n            <button type=\"button\" class=\"m-feedback-prompt__button m-feedback-prompt__button--no\"\n                    data-analytics-link=\"feedback-prompt:no\" aria-label=\"Disagree\">\n                <i class=\"fa-regular fa-thumbs-down fa-3x\"><\/i>\n            <\/button>\n        <\/div>\n    <\/div>\n\n    <!-- Feedback form -->\n    <div class=\"m-feedback-prompt__form\">\n        <div class=\"m-feedback-prompt__form--thanks \">\n            <div>Thanks!<\/div>\n            <p>\n                We appreciate your feedback \u2013 your submission has been successfully received.            <\/p>\n        <\/div>\n        <form id=\"contact-form\" class=\"m-feedback-prompt__form--form\" action=\"\" method=\"post\">\n            <input type=\"hidden\" id=\"authenticity_token\" name=\"authenticity_token\" value=\"9eb4f72322\" \/><input type=\"hidden\" name=\"_wp_http_referer\" value=\"\/api\/wp\/v2\/posts\/175364\" \/>            <input value=\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/\" type=\"hidden\" name=\"currenturl\"\n                   id=\"currenturl\">\n            <input value=\"Why Does My Small Business in England Need to Worry About GDPR Compliance?\" type=\"hidden\" name=\"currenttitle\"\n                   id=\"currenttitle\">\n            <label>\n                <!-- display on thumbs-up -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--yes\">\n                    Can you tell us <span class=\"font-semibold\">why<\/span> you found it helpful?\n                <\/span>\n\n                <!-- display on thumbs-down -->\n                <span class=\"m-feedback-prompt__feedback m-feedback-prompt__feedback--no text-lg\">\n                    How can we better improve this article?\n                <\/span>\n                <textarea name=\"feedbackmessage\" id=\"feedbackmessage\" required><\/textarea>\n            <\/label>\n\n            <div class=\"m-feedback-prompt__form--error\" id=\"form-submit-error\"><\/div>\n            <button id=\"submit-contact-form-button\" type=\"submit\" name=\"commit\" class=\"m-feedback-prompt__form--submit\"\n                    data-analytics-link=\"feedback-prompt:submit\">\n                Submit            <\/button>\n        <\/form>\n    <\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>As a small business owner, you must be aware of the General Data Protection Regulation (GDPR). This impacts all businesses in England, both small and large. Furthermore, any breach of the GDPR by your organisation can result in a fine from the Information Commissioner\u2019s Office (ICO). The ICO enforces GDPR compliance and provides businesses with<a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/\">Continue reading <span class=\"sr-only\">&#8220;Why Does My Small Business in England Need to Worry About GDPR Compliance?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":13349,"featured_media":3254,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"2102,174764,1006,1251,985,2065","_relevanssi_noindex_reason":"","editor_notices":[],"footnotes":""},"categories":[27],"tags":[20,365,642,746,798],"class_list":["post-175364","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-privacy-it","tag-small-business","tag-gdpr","tag-gdpr-complicance","tag-ico","tag-data-protection-rules"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>GDPR Compliance for Small Businesses | LegalVision UK<\/title>\n<meta name=\"description\" content=\"This article will explain why GDPR compliance is essential for your small business and the consequences of breaching data protection rules.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GDPR Compliance for Small Businesses | LegalVision UK\" \/>\n<meta property=\"og:description\" content=\"This article will explain why GDPR compliance is essential for your small business and the consequences of breaching data protection rules.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/\" \/>\n<meta property=\"og:site_name\" content=\"LegalVision UK\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/LegalVision\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-29T01:45:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-09-06T05:28:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"975\" \/>\n\t<meta property=\"og:image:height\" content=\"650\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Sutherland\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:site\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Sutherland\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/\"},\"author\":{\"name\":\"Thomas Sutherland\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\"},\"headline\":\"Why Does My Small Business in England Need to Worry About GDPR Compliance?\",\"datePublished\":\"2022-08-29T01:45:49+00:00\",\"dateModified\":\"2022-09-06T05:28:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/\"},\"wordCount\":765,\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg\",\"keywords\":[\"small business\",\"gdpr\",\"gdpr complicance\",\"ICO\",\"data protection rules\"],\"articleSection\":[\"Data, Privacy and IT Articles\"],\"inLanguage\":\"en-GB\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/\",\"url\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/\",\"name\":\"GDPR Compliance for Small Businesses | LegalVision UK\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg\",\"datePublished\":\"2022-08-29T01:45:49+00:00\",\"dateModified\":\"2022-09-06T05:28:06+00:00\",\"author\":{\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\"},\"description\":\"This article will explain why GDPR compliance is essential for your small business and the consequences of breaching data protection rules.\",\"breadcrumb\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#faq-question-1661737027205\"},{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#faq-question-1661737036913\"}],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#primaryimage\",\"url\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg\",\"contentUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg\",\"width\":975,\"height\":650,\"caption\":\"WhatsApp Use: Legal Lessons for Data Protection | LegalVision UK\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/legalvision.co.uk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data, Privacy and IT Articles\",\"item\":\"https:\/\/legalvision.co.uk\/category\/data-privacy-it\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Why Does My Small Business in England Need to Worry About GDPR Compliance?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/legalvision.co.uk\/#website\",\"url\":\"https:\/\/legalvision.co.uk\/\",\"name\":\"LegalVision UK\",\"description\":\"LegalVision is a commercial law firm in the UK with a commitment to innovation\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/legalvision.co.uk\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\",\"name\":\"Thomas Sutherland\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg\",\"contentUrl\":\"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg\",\"caption\":\"Thomas Sutherland\"},\"description\":\"Tom is an Expert Legal Contributor for LegalVision. He has particular expertise in Commercial and Employment litigation, as well as data protection and privacy regulations. He is a qualified Solicitor in England and Wales and has a decade of legal experience, including advocacy within civil courts and Tribunals. Tom specialises in civil and employment litigation. He has extensive experience in advising employers and companies as to the requirements of employment law and data protection rules, as well as day-to-day advice on smooth running from a commercial perspective. Qualifications: Professional Skills Course - Law, University of Law; Legal Practice Course - Law, College of Law; Bachelor of Laws, University of Southampton.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/tom-sutherland-72b4509b\/\"],\"url\":\"https:\/\/legalvision.co.uk\/author\/thomassutherland\/\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#faq-question-1661737027205\",\"name\":\"What should my company do upon receipt of a subject access request (SAR)?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Your first step should be to acknowledge receipt of the SAR and request any additional information needed. After this, you should conduct the relevant search and provide the documents to the individual within the appropriate time limit.\",\"inLanguage\":\"en-GB\"},\"inLanguage\":\"en-GB\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#faq-question-1661737036913\",\"name\":\"Why does my business have to refer itself to the ICO for data breaches?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The requirement is in place to ensure that data breaches are acted upon by the ICO (to deter businesses from taking data protection rules lightly). Failure to self-refer within 72 hours of a personal data breach is a GDPR failure and likely to incur a financial penalty from the ICO.\",\"inLanguage\":\"en-GB\"},\"inLanguage\":\"en-GB\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"GDPR Compliance for Small Businesses | LegalVision UK","description":"This article will explain why GDPR compliance is essential for your small business and the consequences of breaching data protection rules.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/","og_locale":"en_GB","og_type":"article","og_title":"GDPR Compliance for Small Businesses | LegalVision UK","og_description":"This article will explain why GDPR compliance is essential for your small business and the consequences of breaching data protection rules.","og_url":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/","og_site_name":"LegalVision UK","article_publisher":"https:\/\/www.facebook.com\/LegalVision","article_published_time":"2022-08-29T01:45:49+00:00","article_modified_time":"2022-09-06T05:28:06+00:00","og_image":[{"width":975,"height":650,"url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg","type":"image\/jpeg"}],"author":"Thomas Sutherland","twitter_card":"summary_large_image","twitter_creator":"@LegalVision_law","twitter_site":"@LegalVision_law","twitter_misc":{"Written by":"Thomas Sutherland","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#article","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/"},"author":{"name":"Thomas Sutherland","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2"},"headline":"Why Does My Small Business in England Need to Worry About GDPR Compliance?","datePublished":"2022-08-29T01:45:49+00:00","dateModified":"2022-09-06T05:28:06+00:00","mainEntityOfPage":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/"},"wordCount":765,"image":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg","keywords":["small business","gdpr","gdpr complicance","ICO","data protection rules"],"articleSection":["Data, Privacy and IT Articles"],"inLanguage":"en-GB"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/","url":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/","name":"GDPR Compliance for Small Businesses | LegalVision UK","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#primaryimage"},"image":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg","datePublished":"2022-08-29T01:45:49+00:00","dateModified":"2022-09-06T05:28:06+00:00","author":{"@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2"},"description":"This article will explain why GDPR compliance is essential for your small business and the consequences of breaching data protection rules.","breadcrumb":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#faq-question-1661737027205"},{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#faq-question-1661737036913"}],"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#primaryimage","url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg","contentUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2022\/05\/24122310\/business-image-0522195.jpg","width":975,"height":650,"caption":"WhatsApp Use: Legal Lessons for Data Protection | LegalVision UK"},{"@type":"BreadcrumbList","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/legalvision.co.uk\/"},{"@type":"ListItem","position":2,"name":"Data, Privacy and IT Articles","item":"https:\/\/legalvision.co.uk\/category\/data-privacy-it\/"},{"@type":"ListItem","position":3,"name":"Why Does My Small Business in England Need to Worry About GDPR Compliance?"}]},{"@type":"WebSite","@id":"https:\/\/legalvision.co.uk\/#website","url":"https:\/\/legalvision.co.uk\/","name":"LegalVision UK","description":"LegalVision is a commercial law firm in the UK with a commitment to innovation","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/legalvision.co.uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2","name":"Thomas Sutherland","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/","url":"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg","contentUrl":"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg","caption":"Thomas Sutherland"},"description":"Tom is an Expert Legal Contributor for LegalVision. He has particular expertise in Commercial and Employment litigation, as well as data protection and privacy regulations. He is a qualified Solicitor in England and Wales and has a decade of legal experience, including advocacy within civil courts and Tribunals. Tom specialises in civil and employment litigation. He has extensive experience in advising employers and companies as to the requirements of employment law and data protection rules, as well as day-to-day advice on smooth running from a commercial perspective. Qualifications: Professional Skills Course - Law, University of Law; Legal Practice Course - Law, College of Law; Bachelor of Laws, University of Southampton.","sameAs":["https:\/\/www.linkedin.com\/in\/tom-sutherland-72b4509b\/"],"url":"https:\/\/legalvision.co.uk\/author\/thomassutherland\/"},{"@type":"Question","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#faq-question-1661737027205","name":"What should my company do upon receipt of a subject access request (SAR)?","acceptedAnswer":{"@type":"Answer","text":"Your first step should be to acknowledge receipt of the SAR and request any additional information needed. After this, you should conduct the relevant search and provide the documents to the individual within the appropriate time limit.","inLanguage":"en-GB"},"inLanguage":"en-GB"},{"@type":"Question","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/gdpr-compliance-small-business\/#faq-question-1661737036913","name":"Why does my business have to refer itself to the ICO for data breaches?","acceptedAnswer":{"@type":"Answer","text":"The requirement is in place to ensure that data breaches are acted upon by the ICO (to deter businesses from taking data protection rules lightly). Failure to self-refer within 72 hours of a personal data breach is a GDPR failure and likely to incur a financial penalty from the ICO.","inLanguage":"en-GB"},"inLanguage":"en-GB"}]}},"_links":{"self":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/175364","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/users\/13349"}],"replies":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/comments?post=175364"}],"version-history":[{"count":5,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/175364\/revisions"}],"predecessor-version":[{"id":175677,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/175364\/revisions\/175677"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media\/3254"}],"wp:attachment":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media?parent=175364"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/categories?post=175364"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/tags?post=175364"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}