GDPR: A checklist for small business owners

At IdeaBubble, having worked with hundreds of companies over the 10 years since our inception, we understand that every business is different. One thing that all businesses today have in common, however, is that they must comply with GDPR legislation.

When it comes to data protection we encourage all of our clients to evaluate their data processing practices and seek independent legal advice to ensure that their data storage and marketing practices are compliant in their industry. Here are a few tips and questions to ask yourself or your team before doing so:

  1. What personal data do you collect and hold on file as a company?

  2. Have you collected this personal data in a fair and transparent fashion?

  3. Did you or your team get consent from the person in question to hold this data?

  4. Do you have the necessary consents required and were the data subjects informed of the specific purpose for which you intend to use their data?

  5. Are you ensuring that you aren’t holding data for any longer than is necessary and are you cleaning the data and keeping it up-to-date?

  6. Are you keeping all of the data you hold about customers, prospects and other stakeholders safe and secure using a level of encryption that’s appropriate for the data held?

  7. If you are collecting or processing any sensitive personal data, are you meeting the standards to collect, process and store it? Sensitive personal data has a whole set of other rules which apply when it comes to data storage and processing.

  8. Are you transferring or planning to transfer any personal data outside of the European Union and if so, do you have adequate protections in place?

  9. Have you put a project plan in place to ensure GDPR compliance?

  10. Do you have a dedicated data protection and GDPR budget? It’s important to ensure that there is a budget for systems and staff training.

  11. Do you need to hire a Data Protection Officer or need to commission a data impact assessment on a regular basis?

  12. As part of your data protection efforts, have you considered how you handle employee data in your plan? This element of data protection is often overlooked by many companies.

  13. In the event of a query, complaint or FOI request, do your staff have the skills and training to modify, delete or safely share the data stored? It is important that all staff have sufficient resources to adhere to GDPR laws and legislation.

Talk to us about your GDPR requirements. Drop us a line to speak to Mary, Tempy or Rowan about how we can arrange an audit for your business. At IdeaBubble we offer a range of comprehensive plans that help ensure GDPR compliance.