Our top ten tips for SME’s preparing for GDPR

GDPR IMAGEGeneral Data Protection Regulation (GDPR) is the new EU data law, replacing the Data Protection Act on 25th May 2018 and it will apply to all companies in the EU (including the UK post Brexit)

Given the extent of the changes coming into force under the new regulation, and the increased penalties for non-compliance, preparing for GDPR is something that organisations of all sizes should be making a priority over the next 12 months.

To get businesses thinking about GDPR, we’ve complied our top 10 tips to help SME’s prepare for the regulation changes.


  1. Take the advice that’s out there. With GDPR on the way, there is so much information readily available. The Information Commissioners Office (ICO) are the regulatory body and have so plenty of guides and information on the website providing impartial advice. ico.org.uk
  1. Don’t think you’re organisation isn’t big enough to worry about data protection. Just because the media tend to focus on data breaches in large organisations, the ICO have made it clear that they will be regulating organisations of all sizes and data thieves often see SME’s as an easy hit.
  1. Take some time to ask what data you process and hold, why you have this information, who is responsible for it?
  1. Ask the experts for help. If you don’t have the technical knowhow when it comes to systems and protecting data, there will be someone out there who has. The cost of prevention is almost always less than the cost of the consequences.
  1. Think about end of life and secure disposal. We’re always hearing about password protection, encrypting data and keeping it safe while we’re using it. But what happens to the data when it’s time to get rid of that computer, laptop, mobile, usb?
  1. Share the knowledge – unintentional errors by employees can cause the most serious breaches. Share what you find, encourage everyone to think about data protection and provide training.
  1. Don’t forget the basics. It’s easy to miss the little things like throwing an odd invoice in an under desk waste paper basket slip.
  1. The flip side of the above – think about the not so obvious places data is stored. Items such as photocopiers, scanners and printers can contain hard drives that should all be disposed of properly.
  1. Be prepared. The earlier you start getting ready, the better. Taking steps now to implement good practice ensures that compliance is embedded in your organisation by May 2018.
  1. Embrace the new regulation – it’s there to protect you and help keep data safe, not catch you out!
Posted in : Data protection
Tags: , , , , ,

Leave a Reply