Does GDPR apply to a single person business or small SME

GDPR Guest Blog fro RE GDPR

Does GDPR apply to a single person business or small SME

In a nutshell yes it does.
GDPR came into law on 25th May 2018 and from that date, it has become the responsibility of the business to make sure they are operating with the GDPR guidelines.
In most single-person businesses or SMEs, there is only one person in the business- this is not unusual, but you still must abide by the same regulations as the big companies.
For you to operate as a business you must have clients or customers- you must make your money from somewhere – to do this, you will be capturing personal data is some form or another.
For example, if you sell jewellery via social media- you must get names and addresses to post out orders, you have to issue invoices even if you are using PayPal, Revolut, Facebook, etc as opposed to the usual company invoice via an accounts package – all this data gathering is covered under GDPR.
If you offer services as opposed to a product – again you will have either clients or customers- To carry out a service you need to find out personal data – a gas repair person needs an address to call to, name and phone number etc – again this is all personal data.
How you gather, use, process, retain and store this information are all areas you need to look at.
Questions you should be asking yourself:
1)         Why am I gathering this information – is it strictly necessary or is it excessive ie do I need 3 contact numbers for the client?
2)         Am I processing this data only for what it was gathered for? Are you adding names and emails to marketing/mailing lists because they are clients/customers? This is a big no-no
3)         How long are you storing this personal information for? Did you offer a guarantee with the sale of your product or service? Do you need to record the personal data in a few different areas of your business? Accounts, receipts, mailing lists, emails, social media etc
4)         How are you storing this personal data? Is it stored on paper? Or maybe on the computer or in a CRM? Is it secure? Finally – are you storing it for longer than necessary?
Go through the above questions and see If you have information that could be deleted- it will surprise you to see just how much personal data you are storing.
This is one step in your GDPR programme!
It only takes one step at a time
Find out more about RE-GDPR, visit their Profile on

Related posts

Comments are closed.

About us is Soooo Much More Than Just a Directory of Irish Businesses.

Register today and join our Growing Community of over 100,000 Business Owners.

YOUR Business is OUR Priority

01 531 11 21

Contact Details