2 min read
It applies to you
If you hold personal data about customers, staff or suppliers, UK GDPR applies regardless of how small you are. Some record-keeping obligations scale with size, but the core principles do not switch off for small companies.
The obligations that matter
Process data lawfully and transparently, keep it secure, honour rights like subject access, and report serious breaches. Getting the basics right avoids fines and the reputational damage that hurts trade.
What it means for you
Credicorp lends to your company, not to you personally, and takes no personal guarantee. See business loans or apply online.
Frequently asked questions
Is my small business too small for GDPR?
No. UK GDPR has no small-business exemption. If you handle personal data, the core rules apply to you.
What are the main duties?
Process data lawfully and transparently, keep it secure, respect individuals’ rights, and report serious breaches to the ICO.
Related reading

Does a data breach need to be reported to the ICO?
A personal data breach likely to risk people’s rights must be reported to the ICO, usually within 72 hours of…
Read →
What is a subject access request as a company director?
A subject access request lets you, as an individual, get a copy of the personal data an organisation holds…
Read →
How does Credicorp protect my data?
Credicorp handles your data under UK data-protection law, over encrypted connections, with access limited to…
Read →
Are there any upfront fees to apply for a business loan?
A legitimate lender does not charge an upfront fee just to apply. Real fees — arrangement, valuation, legal —…
Read →Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.