Data Protection has been around for over 30 years and as a training provider delivering information sessions for small businesses I have come to the conclusion that a large number of business owners and managers feel GDPR does not apply to them and there is no need to comply...but is that really the case?

It possibly is true for a trader who sells small items over the counter, has no staff members and gets the items delivered to the shop by a supplier weekly or monthly. It may also be true for a cafe owner who has no staff and runs the business on their own. How many businesses are there out there where the above applies? because if that is not you and you employ at least one staff member, have a payroll system or outsource the payroll to a third party such as your accountant them you do come under the GDPR and you will need to become compliant with the new law.

How can you make a start?

Possibly attend an information session, or go online and enrol in a GDPR course and gather the information you need to make a start. Once you get your necessary information to get started, it is now time to start writing your policies, as it is important to demonstrate compliance and the best way to do that is have it in writing and also have an assessment completed on all of the information you carry. Now that you have your assessments completed and policies in place, you will need to have documentation prepared for the following, but not limited to...confidentiality agreements, request forms etc.

You are now well on the way to becoming compliant, but have you shared this information with those who work for you? if not you will now need to share this new information and ensure all of the people, one, two or more are aware of the risks and what they need to do in order to keep your company compliant.

A good start would be to do the following; Attend an information session on GDPR Do an assessment on the information you carry and determine the risks Complete policies for your company Have a lock away policy for all personal data and if possible a clean desk policy If you have computers, ensure you have passwords and change the passwords regularly If you get emails and store data online also have secure passwords on your phone


Threat personal and sensitive data as you would like your data to be protected and you will not go too far wrong. Do unto others as you would have done to yourself.



Charlie Mernagh



There are no comments. Be the first to comment

Please Log in to Comment