Answer

Does GDPR apply to my small business?

UK GDPR applies to businesses of any size that handle personal data — there is no small-business exemption. The core duties are lawful processing, security, and honouring people’s rights.

2 min read

Any sizeApplies
No exemptionFor small firms
CoreLawful + secure

It applies to you

If you hold personal data about customers, staff or suppliers, UK GDPR applies regardless of how small you are. Some record-keeping obligations scale with size, but the core principles do not switch off for small companies.

The obligations that matter

Process data lawfully and transparently, keep it secure, honour rights like subject access, and report serious breaches. Getting the basics right avoids fines and the reputational damage that hurts trade.

What it means for you

Credicorp lends to your company, not to you personally, and takes no personal guarantee. See business loans or apply online.

Frequently asked questions

Is my small business too small for GDPR?

No. UK GDPR has no small-business exemption. If you handle personal data, the core rules apply to you.

What are the main duties?

Process data lawfully and transparently, keep it secure, respect individuals’ rights, and report serious breaches to the ICO.

Funding for UK limited companies

Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.