Does GDPR apply to a single person business or small SME

In a nutshell yes it does.

GDPR came into law on 25th May 2018 and from that date, it has become the responsibility of the business to make sure they are operating with the GDPR guidelines.

In most single-person businesses or SMEs, there is only one person in the business- this is not unusual, but you still must abide by the same regulations as the big companies.

For you to operate as a business you must have clients or customers- you must make your money from somewhere – to do this, you will be capturing personal data is some form or another.

For example, if you sell jewellery via social media- you must get names and addresses to post out orders, you have to issue invoices even if you are using PayPal, Revolut, Facebook, etc as opposed to the usual company invoice via an accounts package – all this data gathering is covered under GDPR.

If you offer services as opposed to a product – again you will have either clients or customers- To carry out a service you need to find out personal data – a gas repair person needs an address to call to, name and phone number etc – again this is all personal data.

How you gather, use, process, retain and store this information are all areas you need to look at.

Questions you should be asking yourself:

1) Why am I gathering this information – is it strictly necessary or is it excessive ie do I need 3 contact numbers for the client?

2) Am I processing this data only for what it was gathered for? Are you adding names and emails to marketing/mailing lists because they are clients/customers? This is a big no-no

3) How long are you storing this personal information for? Did you offer a guarantee with the sale of your product or service? Do you need to record the personal data in a few different areas of your business? Accounts, receipts, mailing lists, emails, social media etc

4) How are you storing this personal data? Is it stored on paper? Or maybe on the computer or in a CRM? Is it secure? Finally – are you storing it for longer than necessary?

Go through the above questions and see If you have information that could be deleted- it will surprise you to see just how much personal data you are storing.

This is one step in your GDPR programme!

It only takes one step at a time

Find out more about RE-GDPR, visit their Profile on WhatsWhat.ie

https://whatswhat.ie/re-gdpr

CRM, GDPR, Personal Data, RE GDPR

Spotlight Interview

Donna Kennedy Slattery’s Inspiring Journey to Empowerment

A Trailblazer in Personal Growth and Women’s Empowerment Donna Kennedy Slattery, an eight-time best-selling author, psychologist, and influential advocate for

February 28, 2025 No Comments

Past Events

Parenting with a Brain Focus: Secrets to Child Brain Development

Discover how to support your child’s neurological development, critical thinking, emotional regulation, and overall success. 📅 Date: Sunday, 2nd February

December 9, 2024 No Comments

Past Events

Christmas Market 2024 – Celebrate the Season with Tradition and Joy

🎄 Date: 15 December 2024 🕙 Time: 10:00 AM – 4:00 PM 📍 Location: Sheepmoor Ave, Blakestown, Dublin, D15 F978,

December 9, 2024 No Comments

Comments are closed.

About us

WhatsWhat.ie is Soooo Much More Than Just a Directory of Irish Businesses.

YOUR Business is OUR Priority

01 531 11 21

Does GDPR apply to a single person business or small SME

Does GDPR apply to a single person business or small SME

In a nutshell yes it does.

GDPR came into law on 25th May 2018 and from that date, it has become the responsibility of the business to make sure they are operating with the GDPR guidelines.

In most single-person businesses or SMEs, there is only one person in the business- this is not unusual, but you still must abide by the same regulations as the big companies.

For you to operate as a business you must have clients or customers- you must make your money from somewhere – to do this, you will be capturing personal data is some form or another.

For example, if you sell jewellery via social media- you must get names and addresses to post out orders, you have to issue invoices even if you are using PayPal, Revolut, Facebook, etc as opposed to the usual company invoice via an accounts package – all this data gathering is covered under GDPR.

If you offer services as opposed to a product – again you will have either clients or customers- To carry out a service you need to find out personal data – a gas repair person needs an address to call to, name and phone number etc – again this is all personal data.

How you gather, use, process, retain and store this information are all areas you need to look at.

Questions you should be asking yourself:

1) Why am I gathering this information – is it strictly necessary or is it excessive ie do I need 3 contact numbers for the client?

2) Am I processing this data only for what it was gathered for? Are you adding names and emails to marketing/mailing lists because they are clients/customers? This is a big no-no

3) How long are you storing this personal information for? Did you offer a guarantee with the sale of your product or service? Do you need to record the personal data in a few different areas of your business? Accounts, receipts, mailing lists, emails, social media etc

4) How are you storing this personal data? Is it stored on paper? Or maybe on the computer or in a CRM? Is it secure? Finally – are you storing it for longer than necessary?

Go through the above questions and see If you have information that could be deleted- it will surprise you to see just how much personal data you are storing.

This is one step in your GDPR programme!

It only takes one step at a time

Find out more about RE-GDPR, visit their Profile on WhatsWhat.ie

https://whatswhat.ie/re-gdpr

Related posts

Donna Kennedy Slattery’s Inspiring Journey to Empowerment

Parenting with a Brain Focus: Secrets to Child Brain Development

Christmas Market 2024 – Celebrate the Season with Tradition and Joy

About us

More About Us

Contact Details

Check out our