{"id":1794,"date":"2022-01-16T23:48:43","date_gmt":"2022-01-16T23:48:43","guid":{"rendered":"https:\/\/uk.legalvision.com.au\/?p=1794"},"modified":"2025-03-20T10:05:51","modified_gmt":"2025-03-20T10:05:51","slug":"how-does-gdpr-affect-my-business","status":"publish","type":"post","link":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/","title":{"rendered":"How Does GDPR Affect My Business?"},"content":{"rendered":"\n<p><span style=\"font-weight: 400\">The General Data Protection Regulation (GDPR) affects all businesses in the UK that collect personal data about their customers. The law creates <a href=\"https:\/\/legalvision.co.uk\/corporations\/complying-with-gdpr\/\">obligations on your business<\/a> around that personal data, how you collect it and what you do with it. Importantly, the fines for breaching GDPR are substantial. This article explains what you need to know about GDPR. It also explains how it affects your business and how you can ensure you comply with it.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">What is GDPR?<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">GDPR stands for the General Data Protection Regulation. This is a European Union privacy law that came into effect in 2018 across the whole of the EU. At the time it came into effect, this included the UK.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">The GDPR rule gave EU individuals rights over their personal data. As a result, GDPR created <a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/uk-gdpr-article-27-representatives\/\">obligations<\/a> on all businesses that supply or even target individuals living in the EU. Although the UK left the EU on 1 January 2021, GDPR was incorporated into UK law. That means that UK businesses must still comply with GDPR.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">What is Personal Data?<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">Personal data is information about a specific identifiable individual that relates to them. For example, you can consider any of the following personal data:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400\">a person\u2019s name;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">an identification number like a National Insurance number;&nbsp;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">location information;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">a person\u2019s IP address.<\/span><\/li>\n<\/ul>\n\n\n\n<p><span style=\"font-weight: 400\">Essentially, it is information that you can use to identify a person or could be used to identify someone. The information held must also relate to that person to constitute personal data for GDPR.&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">Whether information relates to the identified or identifiable person is more complex and depends on various factors. These factors include what the data is and why you are collecting it. It also includes the effect of processing that data on the individual in question.<\/span><\/p>\n\n\n\n\n<a href=\"#content-next\"\n   class=\"block p-4 mt-10 text-xl font-bold text-center text-white no-underline bg-gray-800 rounded-t-xl\">\n    Continue reading this article below the form\n    <i class=\"text-xl fa-regular fa-arrow-down\"><\/i>\n<\/a>\n<div class=\"px-6 pt-10 pb-12 mb-10 text-center bg-gray-100 rounded-b-xl sm:px-12 test\">\n    <div class=\"mb-8 text-2xl font-bold text-orange\">\n        Need legal advice?\n        <br>\n        <span class=\"text-lg not-prose\">\n                            Call <a href=\"tel:+448081968584\" class=\"not-prose\">0808 196 8584<\/a> for urgent assistance.\n                <br>\n                Otherwise, complete this form, and we will contact you within one business day.\n                    <\/span>\n    <\/div>\n\n    \n\n<div class=\"not-prose flex justify-center text-left gform_input_bg_white    \">\n    <script>\nvar gform;gform||(document.addEventListener(\"gform_main_scripts_loaded\",function(){gform.scriptsLoaded=!0}),document.addEventListener(\"gform\/theme\/scripts_loaded\",function(){gform.themeScriptsLoaded=!0}),window.addEventListener(\"DOMContentLoaded\",function(){gform.domLoaded=!0}),gform={domLoaded:!1,scriptsLoaded:!1,themeScriptsLoaded:!1,isFormEditor:()=>\"function\"==typeof InitializeEditor,callIfLoaded:function(o){return!(!gform.domLoaded||!gform.scriptsLoaded||!gform.themeScriptsLoaded&&!gform.isFormEditor()||(gform.isFormEditor()&&console.warn(\"The use of gform.initializeOnLoaded() is deprecated in the form editor context and will be removed in Gravity Forms 3.1.\"),o(),0))},initializeOnLoaded:function(o){gform.callIfLoaded(o)||(document.addEventListener(\"gform_main_scripts_loaded\",()=>{gform.scriptsLoaded=!0,gform.callIfLoaded(o)}),document.addEventListener(\"gform\/theme\/scripts_loaded\",()=>{gform.themeScriptsLoaded=!0,gform.callIfLoaded(o)}),window.addEventListener(\"DOMContentLoaded\",()=>{gform.domLoaded=!0,gform.callIfLoaded(o)}))},hooks:{action:{},filter:{}},addAction:function(o,r,e,t){gform.addHook(\"action\",o,r,e,t)},addFilter:function(o,r,e,t){gform.addHook(\"filter\",o,r,e,t)},doAction:function(o){gform.doHook(\"action\",o,arguments)},applyFilters:function(o){return gform.doHook(\"filter\",o,arguments)},removeAction:function(o,r){gform.removeHook(\"action\",o,r)},removeFilter:function(o,r,e){gform.removeHook(\"filter\",o,r,e)},addHook:function(o,r,e,t,n){null==gform.hooks[o][r]&&(gform.hooks[o][r]=[]);var d=gform.hooks[o][r];null==n&&(n=r+\"_\"+d.length),gform.hooks[o][r].push({tag:n,callable:e,priority:t=null==t?10:t})},doHook:function(r,o,e){var t;if(e=Array.prototype.slice.call(e,1),null!=gform.hooks[r][o]&&((o=gform.hooks[r][o]).sort(function(o,r){return o.priority-r.priority}),o.forEach(function(o){\"function\"!=typeof(t=o.callable)&&(t=window[t]),\"action\"==r?t.apply(null,e):e[0]=t.apply(null,e)})),\"filter\"==r)return e[0]},removeHook:function(o,r,t,n){var e;null!=gform.hooks[o][r]&&(e=(e=gform.hooks[o][r]).filter(function(o,r,e){return!!(null!=n&&n!=o.tag||null!=t&&t!=o.priority)}),gform.hooks[o][r]=e)}});\n<\/script>\n\n                <div class='gf_browser_gecko gform_wrapper gravity-theme gform-theme--no-framework lawyer-form_wrapper gplaceholder_wrapper form-with-labels-no-asterisks_wrapper has-new-validation-error-styling_wrapper' data-form-theme='gravity-theme' data-form-index='0' id='gform_wrapper_2453' style='display:none'><div id='gf_2453' class='gform_anchor' tabindex='-1'><\/div><form method='post' enctype='multipart\/form-data' target='gform_ajax_frame_2453' id='gform_2453' class='lawyer-form gplaceholder form-with-labels-no-asterisks has-new-validation-error-styling' action='\/api\/wp\/v2\/posts\/1794#gf_2453' data-formid='2453' novalidate>\n                        <div class='gform-body gform_body'><div id='gform_fields_2453' class='gform_fields top_label form_sublabel_below description_below validation_below'><div id=\"field_2453_1000\" class=\"gfield gfield--type-honeypot gform_validation_container field_sublabel_below gfield--has-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1000'>Instagram<\/label><div class='ginput_container'><input name='input_1000' id='input_2453_1000' type='text' value='' autocomplete='new-password'\/><\/div><div class='gfield_description' id='gfield_description_2453_1000'>This field is for validation purposes and should be left unchanged.<\/div><\/div><div id=\"field_2453_1\" class=\"gfield gfield--type-text gfield--input-type-text gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_1'>First Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_1' id='input_2453_1' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_12\" class=\"gfield gfield--type-text gfield--input-type-text gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_12'>Last Name<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_text'><input name='input_12' id='input_2453_12' type='text' value='' class='medium'     aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_2\" class=\"gfield gfield--type-email gfield--input-type-email gf_left_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_2'>Email Address<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_email'>\n                            <input name='input_2' id='input_2453_2' type='email' value='' class='medium'    aria-required=\"true\" aria-invalid=\"false\"  \/>\n                        <\/div><\/div><div id=\"field_2453_3\" class=\"gfield gfield--type-phone gfield--input-type-phone gf_right_half gfield--width-half gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_3'>Phone<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_phone'><input name='input_3' id='input_2453_3' type='tel' value='' class='medium'   aria-required=\"true\" aria-invalid=\"false\"   \/><\/div><\/div><div id=\"field_2453_14\" class=\"gfield gfield--type-select gfield--input-type-select gfield--width-full custom-select gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_14'>Number of Employees in Your Business<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_select'><select name='input_14' id='input_2453_14' class='large gfield_select'    aria-required=\"true\" aria-invalid=\"false\" ><option value='' selected='selected'>Select ...<\/option><option value='0' >0<\/option><option value='1' >1-5<\/option><option value='6' >6-20<\/option><option value='21' >21-50<\/option><option value='51' >51-250<\/option><option value='250' >250+<\/option><\/select><\/div><\/div><div id=\"field_2453_4\" class=\"gfield gfield--type-textarea gfield--input-type-textarea gfield_contains_required field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><label class='gfield_label gform-field-label' for='input_2453_4'>Tell us about your enquiry<span class=\"gfield_required\"><span class=\"gfield_required gfield_required_text\">(Required)<\/span><\/span><\/label><div class='ginput_container ginput_container_textarea'><textarea name='input_4' id='input_2453_4' class='textarea medium'     aria-required=\"true\" aria-invalid=\"false\"   rows='10' cols='50'><\/textarea><\/div><\/div><div id=\"field_2453_5\" class=\"gfield gfield--type-html gfield--input-type-html gfield_html gfield_html_formatted gfield_no_follows_desc field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  >By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. View our <a href=\"https:\/\/legalvision.co.uk\/privacy-notice\/\" target=\"_blank\">Privacy Policy<\/a>. <\/div><div id=\"field_2453_8\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_8' id='input_2453_8' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='http:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/1794' \/><\/div><\/div><div id=\"field_2453_13\" class=\"gfield gfield--type-hidden gfield--input-type-hidden gform_hidden field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><div class='ginput_container ginput_container_text'><input name='input_13' id='input_2453_13' type='hidden' class='gform_hidden'  aria-invalid=\"false\" value='generic_form' \/><\/div><\/div><fieldset id=\"field_2453_999\" class=\"gfield gfield--type-checkbox gfield--type-choice gfield__uk-marketo-opt-in field_sublabel_below gfield--no-description field_description_below field_validation_below gfield_visibility_visible\"  ><legend class='gfield_label gform-field-label screen-reader-text' ><\/legend><div class='ginput_container ginput_container_checkbox'><div class='gfield_checkbox ' id='input_2453_999'><div class='gchoice gchoice_2453_999_1'>\n\t\t\t\t\t\t\t\t<input class='gfield-choice-input' name='input_999.1' type='checkbox'  value='1'  id='choice_2453_999_1'   \/>\n\t\t\t\t\t\t\t\t<label for='choice_2453_999_1' id='label_2453_999_1' class='gform-field-label gform-field-label--type-inline'>By submitting this form, you agree to receive content and event invitations from us to help you grow your business. If you do not want to receive such messages, tick here.<\/label>\n\t\t\t\t\t\t\t<\/div><\/div><\/div><\/fieldset><\/div><\/div>\n        <div class='gform-footer gform_footer top_label'> <button type=\"submit\" id=\"gform_submit_button_2453\" class=\"gform_button button\" onclick=\"gform.submission.handleButtonClick(this);\" data-submission-type=\"submit\"><span class=\"gform_submit_button__text\">Submit Now<\/span><\/button> <input type='hidden' name='gform_ajax' value='form_id=2453&amp;title=&amp;description=&amp;tabindex=0&amp;theme=gravity-theme&amp;hash=ec2463697d0d9cef7b71236ae60964c7' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submission_method' data-js='gform_submission_method_2453' value='iframe' \/>\n            <input type='hidden' class='gform_hidden' name='gform_theme' data-js='gform_theme_2453' id='gform_theme_2453' value='gravity-theme' \/>\n            <input type='hidden' class='gform_hidden' name='gform_style_settings' data-js='gform_style_settings_2453' id='gform_style_settings_2453' value='' \/>\n            <input type='hidden' class='gform_hidden' name='is_submit_2453' value='1' \/>\n            <input type='hidden' class='gform_hidden' name='gform_submit' value='2453' \/>\n            \n            <input type='hidden' class='gform_hidden' name='gform_currency' data-currency='GBP' value='WtX1WyfVqJjtsX355PEN+rLiP0Orq3DsbyCyvkddwH6eo7+bVTPaGjhn\/8oua5B8LJr2CwVDAqt0GJTf1ZqthegfQ4CGSjVpxiNek9mmV1dyBG8=' \/>\n            <input type='hidden' class='gform_hidden' name='gform_unique_id' value='' \/>\n            <input type='hidden' class='gform_hidden' name='state_2453' value='WyJ7XCIxNFwiOltcIjIyODY0N2ViMWU3NTcxZjA4YTY4NGJmMDcwMTk3Y2I0XCIsXCJiMzk3YmQ1MDBmMmFjNjk1ODE4MzdmNTBhYTA2MzQ0OFwiLFwiNGYyNGZkZGEwMzlkNDUxMWFhZGE1NGYwZmQwZmNiZTdcIixcIjUyMmJkMDE2M2I2ZmEwOTI3NDZhZjU5YTg0ZmM1NDk5XCIsXCIzODRlNjk1YjQxMTAzMWFiYmQ2ODEyMGYyZWFhMDYyNlwiLFwiYjkzNDcwNTE2MjkxOGRjZWViMjQzNzRjNmE0NGVmNTlcIixcIjQxMTliODZhMzVjYzJiMWViNDZiMmQ4NjRlNGUzZmNjXCJdfSIsIjQ3MjNiMzA2ZDIyZGVkODA2N2YyMjYyOThkYzI1ODVmIl0=' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_target_page_number_2453' id='gform_target_page_number_2453' value='0' \/>\n            <input type='hidden' autocomplete='off' class='gform_hidden' name='gform_source_page_number_2453' id='gform_source_page_number_2453' value='1' \/>\n            <input type='hidden' name='gform_field_values' value='' \/>\n            \n        <\/div>\n                        <\/form>\n                        <\/div>\n\t\t                <iframe style='display:none;width:0px;height:0px;' src='about:blank' name='gform_ajax_frame_2453' id='gform_ajax_frame_2453' title='This iframe contains the logic required to handle Ajax powered Gravity Forms.'><\/iframe>\n\t\t                <script>\ngform.initializeOnLoaded( function() {gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery('#gform_ajax_frame_2453').on('load',function(){var contents = jQuery(this).contents().find('*').html();var is_postback = contents.indexOf('GF_AJAX_POSTBACK') >= 0;if(!is_postback){return;}var form_content = jQuery(this).contents().find('#gform_wrapper_2453');var is_confirmation = jQuery(this).contents().find('#gform_confirmation_wrapper_2453').length > 0;var is_redirect = contents.indexOf('gformRedirect(){') >= 0;var is_form = form_content.length > 0 && ! is_redirect && ! is_confirmation;var mt = parseInt(jQuery('html').css('margin-top'), 10) + parseInt(jQuery('body').css('margin-top'), 10) + 100;if(is_form){form_content.find('form').css('opacity', 0);jQuery('#gform_wrapper_2453').html(form_content.html());if(form_content.hasClass('gform_validation_error')){jQuery('#gform_wrapper_2453').addClass('gform_validation_error');} else {jQuery('#gform_wrapper_2453').removeClass('gform_validation_error');}setTimeout( function() { \/* delay the scroll by 50 milliseconds to fix a bug in chrome *\/ jQuery(document).scrollTop(jQuery('#gform_wrapper_2453').offset().top - mt); }, 50 );if(window['gformInitDatepicker']) {gformInitDatepicker();}if(window['gformInitPriceFields']) {gformInitPriceFields();}var current_page = jQuery('#gform_source_page_number_2453').val();gformInitSpinner( 2453, 'https:\/\/legalvision.co.uk\/wp-content\/themes\/legalv-v6\/img\/spinner.svg', true );jQuery(document).trigger('gform_page_loaded', [2453, current_page]);window['gf_submitting_2453'] = false;}else if(!is_redirect){var confirmation_content = jQuery(this).contents().find('.GF_AJAX_POSTBACK').html();if(!confirmation_content){confirmation_content = contents;}jQuery('#gform_wrapper_2453').replaceWith(confirmation_content);jQuery(document).scrollTop(jQuery('#gf_2453').offset().top - mt);jQuery(document).trigger('gform_confirmation_loaded', [2453]);window['gf_submitting_2453'] = false;wp.a11y.speak(jQuery('#gform_confirmation_message_2453').text());}else{jQuery('#gform_2453').append(contents);if(window['gformRedirect']) {gformRedirect();}}jQuery(document).trigger(\"gform_pre_post_render\", [{ formId: \"2453\", currentPage: \"current_page\", abort: function() { this.preventDefault(); } }]);        if (event && event.defaultPrevented) {                return;        }        const gformWrapperDiv = document.getElementById( \"gform_wrapper_2453\" );        if ( gformWrapperDiv ) {            const visibilitySpan = document.createElement( \"span\" );            visibilitySpan.id = \"gform_visibility_test_2453\";            gformWrapperDiv.insertAdjacentElement( \"afterend\", visibilitySpan );        }        const visibilityTestDiv = document.getElementById( \"gform_visibility_test_2453\" );        let postRenderFired = false;        function triggerPostRender() {            if ( postRenderFired ) {                return;            }            postRenderFired = true;            gform.core.triggerPostRenderEvents( 2453, current_page );            if ( visibilityTestDiv ) {                visibilityTestDiv.parentNode.removeChild( visibilityTestDiv );            }        }        function debounce( func, wait, immediate ) {            var timeout;            return function() {                var context = this, args = arguments;                var later = function() {                    timeout = null;                    if ( !immediate ) func.apply( context, args );                };                var callNow = immediate && !timeout;                clearTimeout( timeout );                timeout = setTimeout( later, wait );                if ( callNow ) func.apply( context, args );            };        }        const debouncedTriggerPostRender = debounce( function() {            triggerPostRender();        }, 200 );        if ( visibilityTestDiv && visibilityTestDiv.offsetParent === null ) {            const observer = new MutationObserver( ( mutations ) => {                mutations.forEach( ( mutation ) => {                    if ( mutation.type === 'attributes' && visibilityTestDiv.offsetParent !== null ) {                        debouncedTriggerPostRender();                        observer.disconnect();                    }                });            });            observer.observe( document.body, {                attributes: true,                childList: false,                subtree: true,                attributeFilter: [ 'style', 'class' ],            });        } else {            triggerPostRender();        }    } );} );\n<\/script>\n<\/div>\n<\/div>\n<div id=\"content-next\"><!-- scroll anchor --><\/div>\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Data Controller vs Data Processor<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">The effect of GDPR on your business depends on whether you are considered a data controller or a data processor.&nbsp;&nbsp;<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">Simply put, a data controller decides why and how <a href=\"https:\/\/legalvision.co.uk\/ecommerce-online-business\/personal-data-e-commerce\/\">personal data<\/a> is collected from an individual. A data processor processes that data for the data controller. However, a data processor does not decide who the data is collected from or why it is collected. A data processor has several obligations under GDPR, including keeping records of personal data and data processing activities. <\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">On the other hand, a data controller has more substantial obligations. As well as complying with all the obligations of GDPR that would apply to data processors, data controllers must also ensure that the data processors they use comply with GDPR.<\/span><\/p>\n\n\n\n<div class=\"box box--icon box--info\">\n<p><span style=\"font-weight: 400\">If you are running a business in the UK that sells goods or services to UK or EU customers, you are likely to be considered a data controller. <\/span><\/p>\n<\/div>\n\n\n\n<p><span style=\"font-weight: 400\">For example, you decide what information you need from your customers to sell and market to them, and you decide how you keep that data and what you do with it. All of those things are activities of a data controller, not a data processor.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">How to Ensure Your Business is GDPR Compliant<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">GDPR has seven fundamental principles which underlie your obligations. These principles state that personal data regarding individuals must be:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400\">processed lawfully, fairly and transparently;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">collected for specified, explicit and legitimate purposes;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">adequate, relevant and limited to what is necessary for why you are collecting it;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">accurate and kept up to date (where that is relevant);<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">kept in a form that allows identification of the individual for no longer than it is necessary for the reasons why it is collected; and<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">processed in a way that has appropriate security to guard against unlawful access or processing.<\/span><\/li>\n<\/ul>\n\n\n\n<p><span style=\"font-weight: 400\">Essentially, you must comply with these seven principles and ensure that any third parties who process data on your behalf also comply with these principles. The <\/span><a href=\"https:\/\/ico.org.uk\/for-organisations\/guide-to-data-protection\/guide-to-the-general-data-protection-regulation-gdpr\/\"><span style=\"font-weight: 400\">Information Commissioner\u2019s Office (ICO) website<\/span><\/a><span style=\"font-weight: 400\"> contains helpful information and checklists to ensure you understand your business\u2019 obligations under GDPR.&nbsp;<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Lawful Processing of Personal Data<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">There are several lawful bases for processing personal data. For most businesses in the UK, it is lawful if the individual has consented to you processing their personal data. You also need certain information to process customer orders. For example, you cannot process a customer\u2019s order for physical goods if you do not have their name and address. Collecting information that allows you to complete customer orders is lawful for GDPR.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">GDPR creates <a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/privacy-obligations\/\">privacy obligations<\/a> on you to explain why you are processing your customer\u2019s personal data and the lawful basis for processing it. For this and other GDPR obligations, you must have a comprehensive privacy policy that explains this information.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">If you are collecting personal data on the basis that the individual has consented to it, that consent must be explicit. For example, if you have a form on your website which allows a person to sign up for your email newsletter, they must indicate that they understand that you will add them to your mailing list. You can usually accomplish this by including a checkbox that the person must actively tick.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">What Rights Do I Need To Be Aware Of?<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">GDPR gives individuals eight rights over their personal data, which are the rights to:<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"font-weight: 400\">information;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">access;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">rectification;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">erasure;<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">restrict processing; and<\/span><\/li>\n\n\n\n<li><span style=\"font-weight: 400\">data portability.<\/span><\/li>\n<\/ul>\n\n\n\n<p><span style=\"font-weight: 400\">These rights place further obligations on you as a business owner. For example, as indicated above, the right to be informed means you must provide individuals with information about the data you are collecting and why you are collecting it. This is why you need a privacy policy for your business. In addition, there may be other policies that you need to put in place to demonstrate your business\u2019 compliance with GDPR. The&nbsp;<\/span><a href=\"https:\/\/ico.org.uk\/for-organisations\/guide-to-data-protection\/guide-to-the-general-data-protection-regulation-gdpr\/accountability-and-governance\/\"><span style=\"font-weight: 400\">ICO website<\/span><\/a> <span style=\"font-weight: 400\">includes a section on accountability with various checklists so you can consider what policies your business needs.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">The rights listed above are essential to note. Indeed, if an individual wants to exercise their rights, you must comply with their request. Hence, it is essential to consider how you process such requests as a business policy. Again, the ICO website has valuable checklists to help you with this.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">What Happens If I Do Not Comply with GDPR?<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">The fines for not complying with GDPR are substantial and can be as much as \u00a317.5 million or 4% of your annual turnover. Therefore you must ensure your company complies with GDPR.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Key Takeaways<\/span><\/h2>\n\n\n\n<p><span style=\"font-weight: 400\">You must ensure your business is GDPR compliant. GDPR places obligations on you to ensure that all personal data you collect from individuals based in the UK or EU is in keeping with the seven principles of GDPR listed above and that you can demonstrate you have processes and policies in place to ensure that individuals can exercise the rights over their personal rights that GDPR gives them.<\/span><\/p>\n\n\n\n<p><span style=\"font-weight: 400\">If you need help ensuring your business is compliant with GDPR, our <a href=\"https:\/\/legalvision.co.uk\/it-lawyers-lp\/\">experienced data, privacy and IT lawyers<\/a> can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on <a href=\"tel:+448081968584\" class=\"AVANSERnumber dynamic-number\">0808 196 8584<\/a> or visit our<\/span>&nbsp;<a href=\"https:\/\/legalvision.co.uk\/membership\"><span style=\"font-weight: 400\">membership page<\/span><\/a><span style=\"font-weight: 400\">.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span style=\"font-weight: 400\">Frequently Asked Questions<\/span><\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1642376679197\"><strong class=\"schema-faq-question\">I run a small business. Do I still need to abide by GDPR?<\/strong> <p class=\"schema-faq-answer\">Yes, GDPR rules apply to all businesses regardless of their size. You need to make sure you have a straightforward privacy policy so your customers understand what data you are collecting and why. You need to make sure the way you hold that data is secure and that you can easily update or delete a customer\u2019s information if they request you to.<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1642376830048\"><strong class=\"schema-faq-question\">\u00a0How do I ensure that a person consents to my business collecting their data?<\/strong> <p class=\"schema-faq-answer\">Individuals must give explicit consent to have their data collected by your business. The easiest way to accomplish this is to ensure that the individual completes an overt action. For example, before providing you with their email address, you could ensure that they have to tick a check box that confirms they understand and consent to provide you with that email address.<\/p> <\/div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>The General Data Protection Regulation (GDPR) affects all businesses in the UK that collect personal data about their customers. The law creates obligations on your business around that personal data, how you collect it and what you do with it. Importantly, the fines for breaching GDPR are substantial. This article explains what you need to<a href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/\">Continue reading <span class=\"sr-only\">&#8220;How Does GDPR Affect My Business?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":13349,"featured_media":660,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"1306,882,2073,1402,1134,794","_relevanssi_noindex_reason":"","editor_notices":[],"footnotes":""},"categories":[27],"tags":[365,382,383,384],"class_list":["post-1794","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-privacy-it","tag-gdpr","tag-privacy","tag-data-controller","tag-data-processor"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How Does GDPR Affect My Business? | LegalVision UK<\/title>\n<meta name=\"description\" content=\"This article explains what you need to know about GDPR and how it affects your business and how you can ensure you comply with it.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How Does GDPR Affect My Business? | LegalVision UK\" \/>\n<meta property=\"og:description\" content=\"This article explains what you need to know about GDPR and how it affects your business and how you can ensure you comply with it.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/\" \/>\n<meta property=\"og:site_name\" content=\"LegalVision UK\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/LegalVision\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-16T23:48:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-03-20T10:05:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230648\/brand-design-00205.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"1067\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Sutherland\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:site\" content=\"@LegalVision_law\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Sutherland\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/\"},\"author\":{\"name\":\"Thomas Sutherland\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\"},\"headline\":\"How Does GDPR Affect My Business?\",\"datePublished\":\"2022-01-16T23:48:43+00:00\",\"dateModified\":\"2025-03-20T10:05:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/\"},\"wordCount\":1344,\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230648\/brand-design-00205.jpg\",\"keywords\":[\"gdpr\",\"privacy\",\"data controller\",\"data processor\"],\"articleSection\":[\"Data, Privacy and IT Articles\"],\"inLanguage\":\"en-GB\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/\",\"url\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/\",\"name\":\"How Does GDPR Affect My Business? | LegalVision UK\",\"isPartOf\":{\"@id\":\"https:\/\/legalvision.co.uk\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230648\/brand-design-00205.jpg\",\"datePublished\":\"2022-01-16T23:48:43+00:00\",\"dateModified\":\"2025-03-20T10:05:51+00:00\",\"author\":{\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\"},\"description\":\"This article explains what you need to know about GDPR and how it affects your business and how you can ensure you comply with it.\",\"breadcrumb\":{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#faq-question-1642376679197\"},{\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#faq-question-1642376830048\"}],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#primaryimage\",\"url\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230648\/brand-design-00205.jpg\",\"contentUrl\":\"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230648\/brand-design-00205.jpg\",\"width\":1600,\"height\":1067,\"caption\":\"Negligent Misstatement: Legal Liability and Defences | LegalVision UK\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/legalvision.co.uk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data, Privacy and IT Articles\",\"item\":\"https:\/\/legalvision.co.uk\/category\/data-privacy-it\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"How Does GDPR Affect My Business?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/legalvision.co.uk\/#website\",\"url\":\"https:\/\/legalvision.co.uk\/\",\"name\":\"LegalVision UK\",\"description\":\"LegalVision is a commercial law firm in the UK with a commitment to innovation\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/legalvision.co.uk\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2\",\"name\":\"Thomas Sutherland\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg\",\"contentUrl\":\"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg\",\"caption\":\"Thomas Sutherland\"},\"description\":\"Tom is an Expert Legal Contributor for LegalVision. He has particular expertise in Commercial and Employment litigation, as well as data protection and privacy regulations. He is a qualified Solicitor in England and Wales and has a decade of legal experience, including advocacy within civil courts and Tribunals. Tom specialises in civil and employment litigation. He has extensive experience in advising employers and companies as to the requirements of employment law and data protection rules, as well as day-to-day advice on smooth running from a commercial perspective. Qualifications: Professional Skills Course - Law, University of Law; Legal Practice Course - Law, College of Law; Bachelor of Laws, University of Southampton.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/tom-sutherland-72b4509b\/\"],\"url\":\"https:\/\/legalvision.co.uk\/author\/thomassutherland\/\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#faq-question-1642376679197\",\"name\":\"I run a small business. Do I still need to abide by GDPR?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Yes, GDPR rules apply to all businesses regardless of their size. You need to make sure you have a straightforward privacy policy so your customers understand what data you are collecting and why. You need to make sure the way you hold that data is secure and that you can easily update or delete a customer\u2019s information if they request you to.\",\"inLanguage\":\"en-GB\"},\"inLanguage\":\"en-GB\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#faq-question-1642376830048\",\"name\":\"\u00a0How do I ensure that a person consents to my business collecting their data?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Individuals must give explicit consent to have their data collected by your business. The easiest way to accomplish this is to ensure that the individual completes an overt action. For example, before providing you with their email address, you could ensure that they have to tick a check box that confirms they understand and consent to provide you with that email address.\",\"inLanguage\":\"en-GB\"},\"inLanguage\":\"en-GB\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How Does GDPR Affect My Business? | LegalVision UK","description":"This article explains what you need to know about GDPR and how it affects your business and how you can ensure you comply with it.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/","og_locale":"en_GB","og_type":"article","og_title":"How Does GDPR Affect My Business? | LegalVision UK","og_description":"This article explains what you need to know about GDPR and how it affects your business and how you can ensure you comply with it.","og_url":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/","og_site_name":"LegalVision UK","article_publisher":"https:\/\/www.facebook.com\/LegalVision","article_published_time":"2022-01-16T23:48:43+00:00","article_modified_time":"2025-03-20T10:05:51+00:00","og_image":[{"width":1600,"height":1067,"url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230648\/brand-design-00205.jpg","type":"image\/jpeg"}],"author":"Thomas Sutherland","twitter_card":"summary_large_image","twitter_creator":"@LegalVision_law","twitter_site":"@LegalVision_law","twitter_misc":{"Written by":"Thomas Sutherland","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#article","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/"},"author":{"name":"Thomas Sutherland","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2"},"headline":"How Does GDPR Affect My Business?","datePublished":"2022-01-16T23:48:43+00:00","dateModified":"2025-03-20T10:05:51+00:00","mainEntityOfPage":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/"},"wordCount":1344,"image":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230648\/brand-design-00205.jpg","keywords":["gdpr","privacy","data controller","data processor"],"articleSection":["Data, Privacy and IT Articles"],"inLanguage":"en-GB"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/","url":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/","name":"How Does GDPR Affect My Business? | LegalVision UK","isPartOf":{"@id":"https:\/\/legalvision.co.uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#primaryimage"},"image":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#primaryimage"},"thumbnailUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230648\/brand-design-00205.jpg","datePublished":"2022-01-16T23:48:43+00:00","dateModified":"2025-03-20T10:05:51+00:00","author":{"@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2"},"description":"This article explains what you need to know about GDPR and how it affects your business and how you can ensure you comply with it.","breadcrumb":{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#faq-question-1642376679197"},{"@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#faq-question-1642376830048"}],"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#primaryimage","url":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230648\/brand-design-00205.jpg","contentUrl":"https:\/\/img.legalvision.com.au\/wp-content\/uploads\/sites\/4\/2021\/11\/30230648\/brand-design-00205.jpg","width":1600,"height":1067,"caption":"Negligent Misstatement: Legal Liability and Defences | LegalVision UK"},{"@type":"BreadcrumbList","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/legalvision.co.uk\/"},{"@type":"ListItem","position":2,"name":"Data, Privacy and IT Articles","item":"https:\/\/legalvision.co.uk\/category\/data-privacy-it\/"},{"@type":"ListItem","position":3,"name":"How Does GDPR Affect My Business?"}]},{"@type":"WebSite","@id":"https:\/\/legalvision.co.uk\/#website","url":"https:\/\/legalvision.co.uk\/","name":"LegalVision UK","description":"LegalVision is a commercial law firm in the UK with a commitment to innovation","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/legalvision.co.uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/46d22f7d1b4ba321fe5b1cdc648cc5d2","name":"Thomas Sutherland","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/legalvision.co.uk\/#\/schema\/person\/image\/","url":"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg","contentUrl":"https:\/\/legalvision.co.uk\/wp-content\/uploads\/sites\/4\/2022\/05\/cropped-Thomas-Sutherland-96x96.jpg","caption":"Thomas Sutherland"},"description":"Tom is an Expert Legal Contributor for LegalVision. He has particular expertise in Commercial and Employment litigation, as well as data protection and privacy regulations. He is a qualified Solicitor in England and Wales and has a decade of legal experience, including advocacy within civil courts and Tribunals. Tom specialises in civil and employment litigation. He has extensive experience in advising employers and companies as to the requirements of employment law and data protection rules, as well as day-to-day advice on smooth running from a commercial perspective. Qualifications: Professional Skills Course - Law, University of Law; Legal Practice Course - Law, College of Law; Bachelor of Laws, University of Southampton.","sameAs":["https:\/\/www.linkedin.com\/in\/tom-sutherland-72b4509b\/"],"url":"https:\/\/legalvision.co.uk\/author\/thomassutherland\/"},{"@type":"Question","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#faq-question-1642376679197","name":"I run a small business. Do I still need to abide by GDPR?","acceptedAnswer":{"@type":"Answer","text":"Yes, GDPR rules apply to all businesses regardless of their size. You need to make sure you have a straightforward privacy policy so your customers understand what data you are collecting and why. You need to make sure the way you hold that data is secure and that you can easily update or delete a customer\u2019s information if they request you to.","inLanguage":"en-GB"},"inLanguage":"en-GB"},{"@type":"Question","@id":"https:\/\/legalvision.co.uk\/data-privacy-it\/how-does-gdpr-affect-my-business\/#faq-question-1642376830048","name":"\u00a0How do I ensure that a person consents to my business collecting their data?","acceptedAnswer":{"@type":"Answer","text":"Individuals must give explicit consent to have their data collected by your business. The easiest way to accomplish this is to ensure that the individual completes an overt action. For example, before providing you with their email address, you could ensure that they have to tick a check box that confirms they understand and consent to provide you with that email address.","inLanguage":"en-GB"},"inLanguage":"en-GB"}]}},"_links":{"self":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/1794","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/users\/13349"}],"replies":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/comments?post=1794"}],"version-history":[{"count":8,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/1794\/revisions"}],"predecessor-version":[{"id":193052,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/posts\/1794\/revisions\/193052"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media\/660"}],"wp:attachment":[{"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/media?parent=1794"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/categories?post=1794"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/legalvision.co.uk\/api\/wp\/v2\/tags?post=1794"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}