5 reasons why your business may not need to be as worried about GDPR as you thought!

(Although it hopefully goes without saying, this piece written for Data Privacy Day 2019 is not intended to be taken entirely seriously!)GDPR has been around since the middle of 2018 and for those who were not caught up in the initial flurry of excitement in the run up to 25th May, there can be a nagging sense that maybe you have missed something - that ignoring this problem is not simply going to make it go away. Well, the good news is that there are a wide range of circumstances in which some or all of the GDPR might well be inapplicable to you*, so stop worrying and take a look at these top 5 reasons why you can safely disregard some or all of the implications of this reformed data protection regime:

1. If you don't have any staff: there will still be some aspects of GDPR that you have to consider as a sole trader, but without staff there are two big areas that you won't need to worry about. Firstly, you won't be processing employee data, so you won't need an employee facing privacy policy, and you won't have to worry about how to respond to Data Subject Access Requests which disgruntled employees or former employees may make. Secondly, you won't have to worry about training up your staff on compliance with the data protection legislation, or live in constant fear that one of them will forward an e-mail to the wrong recipient, or leave their laptop or mobile on a train. You will still have to worry about all of these things yourself, of course, but it's largely common sense, isn't it?

2. If you don't have any customers: sure, there are all sorts of benefits to having customers, like being able to make money and shift all of that stock that you have in your warehouse. But customers also mean more work - you have to think about the personal data that you need from them in order to deliver your goods or services, and then inform them (ahead of time) all of the ways in which you are going to use and safeguard that data. Even after that, they have all of these new or enhanced subject rights and with a better informed public they are likely to want to exercise them. Without customers, a lot of these headaches simply go away.

3. If you don't use a computerised records or a filing system: in this day and age pretty much everyone stores data electronically, whether in ledgers, e-mail accounts or just folders on a laptop. Even those that don't have records neatly organised in a structured format within a filing cabinet. But if you are one of the people who keeps notes on rough scraps of paper in a desk drawer, without any particular organisational system and with no intention of ever uploading them onto electronic storage, most of GDPR can simply pass you by. And they said your lack of organisational skills was going to hold you back!

4. If you are based outside of the EEA and don't have any customers or suppliers there: it's true that if you are based outside of the EEA... Oh, and so long as you don't run a website where EEA citizens can log in and upload personal details: um, yes, well, it's true that if you are based outside of the EEA, and you don't have customers based there, and if you don't have a website that... Sorry, one more thing, you also can't operate any business in, say, the tourist sector, or consumer electronics, where you might be capturing the data of visitors to your business, or where they might buy something in your country and then take it home with them: Do you know what, forget number 4. There's increasingly persistent talk (from significant players like Microsoft and Google) about the GDPR forming the basis for a global data standard anyway!

5. If you have limitless amounts of time and money: even if none of the other exceptions apply, there is still no need to worry about GDPR provided that you are happy to spend increasing amounts of your working week dealing with the fallout from data breaches, subject access requests, and ultimately ICO investigations. This will eat up a certain amount of management time, to be sure, but you've got plenty of that. And while it is true that the level of maximum fines has now increased very dramatically from the previous cap of £500,000, it's got to be better to spend the money afterwards than have to worry about fixing your compliance before hand, right?

So, there we are, hopefully everyone will have found something in the above list that will have put their minds at rest! Just on the off chance that there are any aspects of GDPR that are still troubling you, though, I am very happy for you to get in touch with me at any time. Happy #DataPrivacyDay 2019!(*Not really, there's no escape!)