GDPR - Are business details classed as personal information?

quickstepqueen74
Posts: 10 Forumite

As a one man band (ltd company) we only hold contact names, addresses, phone number of businesses we deal with. And this information is given to us from the firm that buys our services. We keep these details as a) often they are repeat visits, b) invoicing purposes and c) in case of any arbitration cases. Does this mean we need to write our own privacy policy? This is all new to me and I want to ensure we are GDPR compliant but despite googling and looking on the ICO website I am bamboozled. Can anyone offer some advice that I can clearly understand please? (Sadly my menopausal memory doesn't help when taking in information!)
0
Comments
-
Compliance is quite a large subject, but for a small business a starting point would be to write a document that:
a) Details the personal information that is kept.
b) Where is this information held/stored.
c) The security around the information.
d) The purpose of holding the information, i.e. what use is it put to?
e) Who has access to the information.
f) How long the information will be kept, i.e. if there is no activity for a client/customer after 5 years, delete it.
g) What will you do if you get a Subject Access Request.
h) What will you do if someone asks for their data to be deleted.
This sounds a bit onerous, but you don't need to write a book. So long as you give it your best endeavour the ICO will not come down on you. They have bigger fish to fry.
I hope that helps. Apologies if I have missed anything.
Kind Regards,
Bill
1 -
As a small business to business provider. Business records of what you do, proposals, contracts, closure memos, invoices. 7 years after the event tax man can ask to see what supports the claimed accounting entry. So legitimate business purpose to keep it. Can keep it. If you don't the discussion with the tax man could become more tense. You don't need policy to say that. Can just do it. The incidental buyer/accounts payable contact info does not mean you cannot meet the above requirement. If you got into publishing the stuff then personal info / redaction etc. would become relevant again. But as securely stored, legitimate purpose commercial business records. It's basically fine.
On the other hand - if you go around claiming to be ISO9000 accredited as provider with a jazzy quality system. Or one of the many process maturity standards you can be asked to commit to. Then need lots of policies on many things. Including this. GDPR, Information retention, archiving and destruction.
Doing it pragmatically matters. The quality document saying you are going to - less so.
Clearly harvesting old records for contact info and going spamming gets you back into marketing consent and personal data issues quite quickly. So don't. Not a legitimate purpose.
1 -
quickstepqueen74 said: As a one man band (ltd company) we only hold contact names, addresses, phone number of businesses we deal with. And this information is given to us from the firm that buys our services. We keep these details as a) often they are repeat visits, b) invoicing purposes and c) in case of any arbitration cases. Does this mean we need to write our own privacy policy? This is all new to me and I want to ensure we are GDPR compliant but despite googling and looking on the ICO website I am bamboozled. Can anyone offer some advice that I can clearly understand please? (Sadly my menopausal memory doesn't help when taking in information!)
If you work through it, being practical and using simple everyday language, it should do the trick nicely without doing your head in! Googling on your question might have been both quicker and easier, if you're only after simple facts rather than opinions!
1 -
"
- Personal data only includes information relating to natural persons who:
- can be identified or who are identifiable, directly from the information in question; or
- who can be indirectly identified from that information in combination with other information."
Ie not a business
1 -
Andy_L said: "
- Personal data only includes information relating to natural persons who:
- can be identified or who are identifiable, directly from the information in question; or
- who can be indirectly identified from that information in combination with other information."
Ie not a business
0 -
quickstepqueen74 said: Andy_L said: "
- Personal data only includes information relating to natural persons who:
- can be identified or who are identifiable, directly from the information in question; or
- who can be indirectly identified from that information in combination with other information."
Ie not a business
Just work through the ICO guides for small businesses and think about why you have data, where you store it, what you will use it for, who you will share it with and how long you will keep it for - https://ico.org.uk/for-organisations/advice-for-small-organisations/
1 -
Personally... would speak to the ICO.
They do an exercise occasionally to identify registered companies that aren't paying them the registration fee and we got the inevitable letter a few years ago. In our case all our customers are corporates, we don't maintain any form of CRM etc, don't have a website but inevitably do have emails from members of staff from clients which will have their name, business email address and business phone number. Their advice to us was that we didn't need to register but naturally optionally could.
1 -
Thank you all for your help. I really do appreciate each and every one of you who has commented. Naturally I don't want to waste time wading through writing a Privacy Policy unless it's necessary, but I don't want to go against the law either. Will try and get my head clear and try again to look at it. There's certainly a difference of opinion as to whether we come under GDPR. If only my other half had retired when he turned 66!
0