If you can answer "Yes" to any of these questions, then the GDPR will apply in your business.
- Do you send emails to named recipients (e.g. email@example.com) either as a customer, supplier or other business relationship?
- Do you have employees and operate a payroll scheme?
- Do you employ contractors?
- Do you collect the contact information of others to be used for maintaining a business relationship with that person?
- Do you have shareholders, a register of directors or other interested individual parties in your business?
- Do you send invoices addressed to an Individual, even if that individual is the financial controller of another business?
- Do you make purchases from suppliers and hold named contacts at those businesses?
- Do you keep a record of individuals whom you have sold to or performed work for for a later follow up? (e.g. a Plumber keeing a record of when someone's boiler is due a service, or a mechanic keeping a record of when a vehicle is due a service).
- Do you keep a record of individuals whom you have sold to or performed work for?
Essentially, any collection, storage or use of the information of other people in a business context is subject to the provisions of the GDPR. This is not to say you need consent for these activities and the specific Lawful Basis will be determined for each business function that collects, stores or uses that data.