
Small Businesses and Personal Data

What’s classed as ‘personal data’?


  • The obvious ones such as name, surname, initial(s), alias, home address, phone numbers, date of birth or place of birth, ID card number, credit card number and e-mail address
  • Sensitive data such as genetic and biometric data, e.g. health data, face, fingerprints, retina, DNA, etc.
  • Online identifiers such as IP addresses and cookie identifiers
  • Location data such as device location history
  • Metadata related to Internet activity, i.e. browsing and search history, as well as information regarding a data subject’s social media accounts and posts


Note: if you process debit or credit card information, you may also be subject to PCI DSS Regulations.

And whilst we’re on the subject of Data Protection…

I want a copy of my personal data and I want it now

As a small business owner, you know what personal data rights are under GDPR, don’t you, and what a data subject is?

And if one of your customers asks you to provide them with a copy of their personal data, you know exactly what to do and the timescale for doing it in, correct?


…‘data subject’ refers to any living individual whose personal data is collected, held or processed by an organisation. Personal data is any data that can be used to identify an individual, such as a name, home address or credit card number.

(Luke Irwin, Author for IT Governance 15/11/2018)






People are becoming more aware of their rights under the data protection rules and are exercising these rights more frequently. They can object to advertising communications, deny access, or ask for a copy of the personal data that’s held on them.

Because individuals are becoming more aware, this is also having an impact on businesses. As a business owner, even if you’re a one-man band, it’s your responsibility to understand how GDPR affects you.

So, let’s go back to my original question.

Q. One of your customers has asked you for a copy of all the personal data you hold on them. What do you do and how long have you got to respond?

A. You have one month from the date of receiving the request to provide a copy of all their personal data. Continually asking you for a copy of their data records would be an exception, but otherwise you’re legally obliged to complete their request.




Can you spot a phishing email?

Redcar and Cleveland Borough Council have been offline for almost two weeks because of a recent cyber-attack. Although they haven’t openly stated it was caused by Ransomware*, they are having to rebuild their complete system. This is consistent with how a company would react if they did not want to have to pay out to the criminals holding them to ransom.


According to a report from the insurance broker Gallagher, 49% of local councils have been attacked since the start of 2017 and 37% were attacked in the first half of 2019 alone. Over that six-month period, local government experienced 263 million attacks.


5 ways to spot a malicious email

The majority of ransomware attacks begin with phishing scams, so simply knowing how to spot a malicious email will protect you from a substantial number of threats.

    • The message is sent from a public email domain
    • The domain name is misspelled
    • The email is poorly written
    • It includes suspicious attachments or links
    • The message creates a sense of urgency
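Four of the five signs above can be checked mechanically. The Python sketch below is an added example, not part of the original post: the domain lists, file extensions, urgency phrases and the 0.85 similarity threshold are assumptions for illustration, and the sample message is constructed. Judging whether an email is poorly written is left to the reader.

```python
import re
from difflib import SequenceMatcher
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed lists for illustration only; replace them with ones that suit your business.
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
KNOWN_DOMAINS = {"paypal.com", "microsoft.com", "amazon.co.uk"}
RISKY_EXTENSIONS = (".exe", ".js", ".scr", ".docm", ".html")
URGENCY = re.compile(r"urgent|immediately|act now|suspended|within 24 hours", re.I)

def imitates_known(domain):
    """True if domain is very close to, but not the same as, a known domain."""
    return any(domain != k and SequenceMatcher(None, domain, k).ratio() >= 0.85
               for k in KNOWN_DOMAINS)

def check_email(msg):
    """Return the list of warning signs found in an EmailMessage."""
    signs = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in PUBLIC_DOMAINS:
        signs.append("public email domain")
    if imitates_known(domain):
        signs.append("misspelled domain")
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    hosts = [urlparse(u).hostname or "" for u in re.findall(r"https?://\S+", body)]
    # A link is suspicious here if it points at a bare IP address or a lookalike domain.
    bad_link = any(re.fullmatch(r"[\d.]+", h) or imitates_known(h) for h in hosts)
    bad_file = any((a.get_filename() or "").lower().endswith(RISKY_EXTENSIONS)
                   for a in msg.iter_attachments())
    if bad_link or bad_file:
        signs.append("suspicious attachment or link")
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        signs.append("sense of urgency")
    return signs

def sample_email():
    """Constructed sample message, not a real email."""
    msg = EmailMessage()
    msg["From"] = "PayPal Support <security@paypa1.com>"
    msg["Subject"] = "Urgent: your account has been suspended"
    msg.set_content("Act now and confirm your details at http://203.0.113.7/login")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="octet-stream", filename="invoice.docm")
    return msg

if __name__ == "__main__":
    print(check_email(sample_email()))
```

A message that trips none of these checks is not proven safe; the checks only make the listed signs harder to miss.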


The advice in the malicious email blog shows how important it is for individuals to be able to recognise signs of phishing.

Spam filters will never be fully effective, so it’s up to you to read the context of messages. Look for anything suspicious and report it.

Remember – it could be you and your business being held to ransom.

*Ransomware is a form of malware that encrypts files and locks users out of the system. A message would then be sent informing users that to get access they have to pay a ransom.







Shirley Atkinson

SAA IT Test Consultant
