• Home
  • Blog
  • As an SME business owner, how should you be addressing GDPR compliance?

As an SME business owner, how should you be addressing GDPR compliance?

31 March 2018

GDPR requires a multi-disciplinary approach involving:

Culture is to be implemented and engrained in staff training and awareness

Processes should be implemented to ensure policies are adhered to

Legal advice is necessary for the interpretation of developing laws

Technology should help to bring it all together and add a layer of security.

While this may appear daunting at first sight, taking time to putting together a plan should enable you and your business tackle your compliance requirements:

• Evaluate your personal data entry – this could be via your website, by telephone calls, marketing or networking events, and then look where GDPR comes in

• Using the information from above, you can then tackle the drafting of your business’s Privacy Notice

• Perform data mapping of all entities your business works with (legal, accountants, supply-chain, subcontractors, etc and then determine which processing grounds are applicable

• Consider your sub-contractors and assess their GPDR compliancy

• Compile a record of processing activities including what personal data you are processing, the purpose of the processing, which lawful basis are you seeking to rely on, etc?

• identify the risks and then analyse the affect, evaluate control measures need to be implemented or adapted

• carry out a data inventory as to where you keep the data

• establish who has access, consider role-based access, consider what devices and apps are used and whether the data is encrypted

• take necessary management and security measures where necessary

• implement necessary controls

• keep a document log of everything

• ensure that there are processes for the rights of data subjects, such as access requests

• ensure your website has an updated cookie policy in place

• consider standards-based compliance such as ISO27001

Further guidance is available from the following links:

Data protection - Why GDPR compliance is a requirement for SMEs: http://www.smeweb.com/2017/07/18/data-protection-gdpr-smes/

Best Practices Staying Compliant with the GDPR: https://www.lepide.com/blog/staying-compliant-with-the-gdpr-best-practices/

Audit, review policies, train staff, implement new policies that are GDPR compliant. https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/getting-ready-for-the-gdpr/

How can we help you?

To find how our friendly and knowledgeable solicitors can help you, contact us today.

Make a free enquiry - Call now - 0151 659 1070

Contact us