The EU General Data Protection Regulation (GDPR) replaces the Data Protection Act 1998 and comes into force on 25 May 2018. The new law gives individuals more control over how their data is used, shared and stored and requires organisations to be more accountable and transparent about how they use it.
The GDPR will be enforced by the Information Commissioner's Office (ICO), which has produced a wealth of guidance to help organisations comply with their new obligations.
Recognising that micro-businesses face particular challenges in preparing for the introduction of the GDPR, the ICO has launched an awareness campaign specifically aimed at those employing fewer than ten people. This includes an introduction to what the GDPR entails with regard to protecting people's personal data and an eight-step guide to compliance.
The ICO also notes that many sector and industry groups are geared up to help micro-businesses implement the GDPR and can be a good starting point for industry-specific advice.