This section includes a brief overview of other business requirements that you need to comply with. We cover two key topics: General Data Protection Regulation (GDPR) and Workplace Health and Safety. For more detailed information on each topic, you’ll find additional links below.
GDPR – general data protection regulation
GDPR is an EU data protection and privacy law that came into force in 2018 to protect personal data. It is an extensive piece of legislation affecting businesses worldwide that target or collect personal data from, or offer goods or services to, EU citizens. To be GDPR compliant, companies must ensure that data is collected, used, and stored legally. Data subjects (these can be individuals or entities) have rights over their data and can request details about the data held on them. There are hefty fines for non-compliance, so it is essential to get GDPR right. Furthermore, UK organisations and sole traders who process personal information need to pay an annual data protection fee to the Information Commissioner’s Office (ICO). The ICO website (ico.org.uk) is a useful resource providing extensive information about GDPR.
The seven core GDPR data protection principles are:
- Lawfulness, fairness & transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
Other key regulatory points of the legislation are:
- Accountability – demonstrate GDPR compliance
- Data security – handle data securely
- Data protection by design and by default – consider data protection in the design of new products and services
- When you’re allowed to process data – the conditions under which processing personal data is legal
- Consent – rules about consent from a data subject
The links below provide more details about the legislation:
- What is GDPR, the EU’s new data protection law? – GDPR.eu
- What is GDPR? A Simple GDPR Overview – Termly
- GDPR for Dummies: The Beginner’s Guide to GDPR (termly.io)
- Pay the data protection fee – GOV.UK (www.gov.uk)
Health and safety in the workplace
Employers have a duty under the Workplace (Health, Safety and Welfare) Regulations 1992 to ensure, so far as is reasonably practicable, the health, safety and welfare of employees at work. There is a legal requirement to have a written health and safety policy, including the steps for implementing it. All businesses must carry out risk assessments, and these must be documented unless you have 5 or fewer employees. Even then, it is advisable to document the assessments so they can be communicated more effectively. The chart below summarises the requirements of the Health and Safety Act as detailed by the Health and Safety Executive. The link below takes you to the Health and Safety Executive website, where you can access the details of the various requirements of the Act.
Guidance on health and safety for all workplaces – HSE
- Appoint a competent person
- Health and safety policy
- First aid
- Display the law poster
- Risk assessment
- Consult workers
- Business insurance
- Health and Safety at Work Act
- Information and training
- Workplace facilities
- Report accidents and illness
- Home working
Health and safety at work – GOV.UK (www.gov.uk)