GDPR for SME Business
If you are an SME business using CCTV and/or processing personal data electronically, you will need to pay a fee to the ICO.
However, it is important that your organisation adheres to the principles of the General Data Protection Regulation and understands best practice for managing information. To help ensure you are complying with the GDPR, we have produced a range of training materials including practical toolkits, training videos and more. Even if you are exempt, you may still wish to pay a data protection fee.
Registration self-assessment:
Under the Data Protection (Charges and Information) Regulations 2018, individuals and organisations that process personal data need to pay a data protection fee to the Information Commissioner's Office (ICO), unless they are exempt.
By going through the following questions you will be able to decide if you – as an individual or on behalf of your business or organisation – need to pay a fee to the ICO.
From 25 May 2018, people who use CCTV for domestic purposes, ie to monitor their property, even if it films beyond the boundaries of their property, will be exempt from paying a fee under data protection law.
Self Assessment
On 1 April 2019, the rules around paying the data protection fee changed. Members of the House of Lords, elected representatives and prospective representatives (including police and crime commissioners) are exempt from paying a fee, unless they process personal data for purposes other than the exercise of their functions as a Member of the House of Lords, an elected representative or as a prospective representative. For more information, read our guidance on the data protection fee.
Try the test out for yourself:
Register Now:
If you are using CCTV or processing personal data electronically you will need to pay a fee to the ICO. The ICO uses a form for organisations that need to pay a fee under the data protection legislation. It should take about 15 minutes to complete.
You will need to fill in this form in one session, so we suggest you get everything you will need to complete it before you start. You will need:
- your credit/debit card or other payment details;
- details about the organisation(s) you are registering, eg Companies House number (if applicable), name, address; and
- details about the number of staff you have and your turnover.
The ICO will use the information you provide to process your payment and maintain the public register. They will publish all the information you provide, except where they say otherwise.
GDPR Policy Toolkit 2
Once your registration is complete or if you are already registered, it is a good idea to contact us so that we can assess what policies you will require to be protected from any potential data breaches.
These policies could be a mix of the below:
- Data Protection Policy
- Privacy Notice
- Data Breach Incident Form
- Data Breach Policy
- Data Retention and Erasure Policy
- SAR Acknowledgement
- SAR Response
- SAR Partial Exemption
- SAR Denied
- SAR Delayed
- SAR Procedures
- Access Control and Password Policy
- BYOD and Remote Access Control
- Clear Desk Policy
- eMail Usage and Archive Policy
- Information Asset Register
- Asset Management Policy
- Information Security Policy
- Risk Management Policy and Procedures
- Risk Mitigating Action Plan
- Outsourcing and Supplier Policy
- Employee Training Record
- Training Development Log
- Training Development Policy
- Training Feedback Form
- Supplier and Due Diligence Questionnaire
You are able to fill in and update the above templates but we are more than happy to assist with them. There may be others that you require depending on your circumstances.
These policies can simply be updated with your company information and then held in folders within a secure location.
Even though it might seem overwhelming with all of these policies, you really can implement GDPR by yourself. All you need is to purchase one of our documentation toolkits. Our toolkits and other resources were developed for ease of use and to be understandable, with no expert knowledge required.
Additional Services:
We provide personal services to assist in the personalisation of the policies, once we carry out an audit of all systems. After that is complete, we will continue to support you in case of a breach or any updates required to the policies.
Training + HR:
It is imperative that your staff are trained, as a big percentage of breaches come from employees in one form or another. We can provide the training required so that staff are aware of their responsibilities in respect of GDPR.
FREE one-on-one consultation with a GDPR expert
The Business Train are offering a limited number of free consultations with a GDPR consultant to provide you with the clarification you need to make sure that your business is compliant with the new regulations.
If your journey has created more questions than answers or if you’d like to make sure your changes are adequate, we can help.
The Business Train has already worked with over 50 companies to get them moving towards full compliance, from a sole trader to a large corporate. This is an invaluable investment of time for any company, large or small, affected by the GDPR.
This offer is extremely limited and we recommend early application to avoid disappointment. Now that the GDPR requirements can be enforced, can you afford not to act?
Meet the GDPR Journey and discover a simple way to become compliant.
Learn everything you need to know about GDPR and how to make your business compliant with our easy to use policy toolkit…