Reading Time: 1The other week, I spoke to the owner of a small graphic design agency. She told me that GDPR would not apply to her, because her business specializes on developing a brand identity for other businesses.
This thinking is naïve and can get your business into deep trouble.
Firstly, even if you are a “B2B business”, GDPR still applies to you. Your client contacts may represent companies, but they are living and breathing people. How do you correspond with them without any data? Having their email address in your contact list is sufficient to bring you into GDPR territory.
To complicate things further, there are many ways you can become a data processor. Many creative agencies I consulted with run focus groups or surveys. They test design concepts. Often they collect personal data of respondents. GDPR is not about the data of people you market to. It’s about any data that could implicitly or explicitly identify an individual.
I am not sure that you can always avoid holding any personally identifiable information if you run an active business. Your business may not hold much data on individuals, but you need to ensure that this small data pool is safe. I wrote more on that in my post Please read my post “Are You An Accidental Data Processor?”.
The good news is that if you hold less data, you might still be able to comply with GDPR provisions before the deadline of May 25th 2018 if you start evaluating your data handling processes today.
Share this Post