Small business: does it apply to me?
It is easy to read the GDPR as not applying to small businesses; however, that is not the case. It is important to review the category of information that is being collected, stored or used, as there is no size limit for companies handling, for example, health-related information.
Regulation Article 9
(h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3
The Hiscox article quoted below points to some useful thoughts with regard to GDPR.
“The regulation must be observed by any organisations with more than 250 employees, which on the face of it may give the impression that many UK small businesses will be exempt. However it isn’t quite that simple. A business must still comply if it’s involved in regular “processing” of certain categories of personal data, which legally is taken to include collecting and storing as well as actually using data.
These categories include health data, information on individuals’ racial or ethnic origin, political affiliations, religious beliefs, genetic and biometric data and sexual orientation”