Design and Planning

GDPR Checklist for Small Businesses

Is getting ready to comply with the GDPR at the top of your to-do list? With the implementation date just around the corner, it is time to consider how your business will be impacted and what you need to do to be ready. We’ve compiled a checklist that small businesses can use to plan their course of action.

Understand Personal Data Within your Business

Before anything else, you must understand the types of personal data your business is handling (e.g. name, email, address, bank details, etc.) and what can be considered sensitive data (e.g. health information, religious views, etc.). You should also know where the data comes from, where it is stored and how it is used.

Develop a Consent Policy

Do you require consent to process personal data? Under the GDPR, consent needs to be explicit, clear and specific, which can make some activities (such as marketing) more difficult. Understand where you need to acquire consent.

Make your Security Policies GDPR-compliant

Spend some time reviewing and updating your security measures and policies – if you don’t have any, get some in place. Using encryption is generally recommended and can spare your business hefty fines in the event of a data breach.

Prepare for Access Requests

Under the GDPR, all citizens will have the right to access their personal data, rectify inaccurate data, object to their data being processed or even completely erase any of their personal data you hold. You will need to be able to process such requests within the required timeframe.

Create Fair Processing Notices

Under the GDPR, you will be required to use fair processing notices to clearly describe to individuals what you are doing with their personal data. You should include why you are holding the data, who you may be sending the data to (e.g. employee, customer, supplier, etc.) and how long you’ll be holding the data for.

Train Your Employees

Everybody in the business should understand what constitutes a personal data breach and how to pick up the signals. All employees should be made aware of the need to report any mistake or breach to the person responsible for data protection (i.e. the DPO) within 72 hours.

Conduct Due-Diligence on your Supply Chain

To avoid being impacted by any data breaches (and consequent penalties), make sure that all suppliers and contractors are GDPR-compliant. You’ll also need to make sure that you have the right supplier and contractor contract terms in place.

Do you Need to Employ a Data Protection Officer (DPO)?

Unless your business is processing large volumes of personal data, it may not need to employ a full-time DPO. However, it is recommended to appoint someone responsible for data protection within the business, or to use a virtual or outsourced option.

Even if you do not hire a full-time DPO, getting all processes and documents in place to be GDPR-compliant can be a lot to take in for small business owners. We can help you assess areas of risk and get prepared to comply with the GDPR. Don’t hesitate to get in touch if this is something you’d like to discuss!

No Warranty No Clarity

This blog is part 2 of a series of 5 concerned with small businesses using contracts to avoid contractual disputes. Court is an expensive pursuit, and building self-remedy, or clauses that are enforceable and offer solutions to problems that may arise, into your contract is practically useful to small businesses. A considered contract can help you save money, time and effort.

Warranty, in simple terms, means performance. Outlining how the product or service will perform seems obvious, but in many cases the details provided are scant at best: the contract fails to outline the key aspects of performance and in turn creates ambiguity. It’s this grey area that can lead to further issues, because during a dispute areas of uncertainty become points of discussion or argument.

This gets even more troublesome when there’s a returns policy or a maintenance/service agreement to support post-installation or delivery. Stating what is covered by the contract with regard to the basic product’s functionality is one thing, but when something breaks or fails to work, what then? Remember that these products or services are manufactured and delivered by humans, so things happen. The important thing is outlining what happens next.

Going to the trouble of employing the right contract drafter to ask the right questions and create a contract that is designed to help both parties work together long-term is worthwhile. Contracts are avoided by those who see no need for outlining the negatives... but knowing what might happen in the event of... is arguably good customer service and is considerate of both your and your customers’ time and energy.

The next blog will focus on intellectual property…..

A change in the law leads to new liability for Design and Planners.

Changes to the Construction (Design and Management) Regulations 2015 mean that companies (including sole traders) that offer design and planning services to both consumers (householders) and businesses could be liable for health and safety breaches on site, even though the builder is the one doing the work.

Not unlike the smoking ban, the liability is on those with a lot to lose. The law in that instance targets the smoker through the publican for having a person smoking on the premises, and this pushes the owner to act. Laws are anthropological: they drive behaviour. Whether you agree or disagree with them, the law still needs to be adhered to and, in the example of the design and planner, navigated so that their risk is managed and the business protected.

When laws are structured like so, I can’t help but feel more than a little sympathy for, in this instance, the design and planner, who now starts the process of introducing a standard to the chain of events that will lead to a building being built.

We can see why the changes are in place: raising the standard is the goal. The final property will be eligible for warranty and will be re-saleable, a marketable property, as opposed to a property built to poor standards, which could lead to a disastrous set of circumstances.

This sector is already full of regulation, but this new health and safety legislation will introduce more complexity and challenges for all involved.

So, in a situation where there are multiple contractors, there will be pressure on design and planning companies to establish the process before a shovel is in the ground.

Create Ts and Cs draft contracts that are relevant to both your business and your industry or sector. Call us for a quote today: 0141 5856384.

Create Ts and Cs provide a bespoke set of Terms and Conditions for your business at a fixed price. This unique approach to individualising commercial Terms and Conditions allows start-up and SME-sized businesses the opportunity to protect themselves, manage risk and guard against unnecessary future disputes at an affordable price.