The EU’s General Data Protection Regulation (GDPR) - Our six top tips

1 Overview
2 Review it now
3 Understand the new changes
4 Map out what data and personal data you store
5 Securely delete old data
6 Let your employees and suppliers know
7 More information

1. Overview

The EU’s General Data Protection Regulation (GDPR) comes into force on 25th May 2018. This will apply to all businesses and organisations that are offering goods and services to EU citizens, or to those monitoring the behaviour of EU citizens, or who are processing personal data.

Here are our six top tips on things SME’s need to be doing right now to prepare for GDPR:

2. Review it now

This is the biggest update to data protection law since the current EU Data Protection directive which was established in 1995. Preparing for GDPR will need your full attention and it will take time to implement new processes and procedures across your business. Review the legislation online now.

3. Understand the new changes

Many of them will impact your current processes, such as an individuals right to be forgotten and subject access requests. You may need to draw up a plan for responding to such requests as with most cases under GDPR you only have one month to reply.

4. Map out what data and personal data you store

It is essential that you understand where it is stored, what systems you use and how you use it.  Consider whether invasive means of collecting personal data are used and if the data is processed fairly and lawfully. This means informing people about the purpose and use of personal data collected and how your business will process that. At this stage you may want to consider a privacy impact assessment.

5. Securely delete old data

If you are storing data that you no longer require (and are not legally obliged to keep) then securely delete it. Disposing of unnecessary data will help reduce risk. But make sure you securely erase it with specialist equipment and software. 

6. Let your employees and suppliers know

Make sure all of your employees and suppliers are aware of any changes to your processes and procedures that may impact them. They will also need time to adjust and prepare.

7. More information

Visit the Information Commissioners Office (ico) website for up to date information on GDPR, useful guides on what steps you need to take and when.

Ready to give your business a DigitalBoost?

Enhance your digital skills with workshops, 1:1 advice, guides and more.

Boost your business now