I’m a small business so the Data Protection Act and General Data Protection Regulation don’t apply to me.
You would be surprised how frequently I hear this and I even heard it from a solicitor who told
facts vs myths, newspaper article text
me that there was a small business exemption!
The legislation around how to handle a persons information including how to collect, store,
handle and destroy that information is applicable to all businesses. So no matter how big or small, number of employees, sector, turnover or location if you are holding personal information about an EU citizen, including those based in the UK, you have an obligation to comply.
It’s like the speeding laws, they apply to all vehicles, just because you have a little car doesn’t mean you are exempt from the legislation (or from being caught!).