The General Data Protection Regulation (GDPR) is UK and EU law that governs how businesses must collect, store, use, and protect people’s personal data. Even after Brexit, UK businesses must comply with GDPR (now called UK GDPR), and any business handling EU citizens’ data must follow the EU version.

GDPR gives individuals significant rights over their personal information, including the right to know what data you hold about them, the right to have it corrected or deleted, and the right to withdraw consent for its use. For businesses, this means you must have legitimate reasons for collecting data, keep it secure, only use it for stated purposes, and delete it when no longer needed.

Personal data under GDPR is broadly defined – it includes obvious things like names, addresses, and email addresses, but also IP addresses, location data, and even CCTV footage that identifies individuals. If your business collects any of this information from customers, employees, or suppliers, you must comply with GDPR.

Non-compliance can result in substantial fines – up to £17.5 million or 4% of annual global turnover, whichever is higher. However, for most UK SMEs, the bigger risk is reputational damage and loss of customer trust following a data breach that could have been prevented.

Key GDPR requirements include having a lawful basis for processing data, implementing appropriate security measures, notifying the ICO of serious breaches within 72 hours, maintaining records of processing activities, and ensuring any third-party processors (like cloud providers) are also GDPR compliant.

GoodChoice IT helps London and Surrey businesses achieve and maintain GDPR compliance through secure data handling practices, encryption, access controls, regular security audits, staff training, and documented policies. We ensure your IT systems meet GDPR’s technical requirements whilst making compliance manageable for your team.