Blog Details

SMEs it’s time to start the GDPR process…


GDPR (General Data Protection Regulation) is just around the corner and it’s time to start thinking about your compliance. GDPR applies to all UK businesses, including SMEs. To stay on the safe side and avoid costly fines you could face if you do not comply, one of the first steps you need to take is completing a data audit.

On the 25th May 2018, there will be a fundamental change in data protection legislation, allowing customers to gain greater rights when it comes to the use of their personal information. A GDPR compliance audit is the starting point for your business. It will give you a clear indication of the direction your business needs to go in to ensure compliance.

Don’t let your compliance be a last-minute panic, it doesn’t need to be – stay calm, you just need to prepare.

To successfully complete your GDPR compliance audit all you need to do is simply answer these 3 questions:

What personal data do you hold?

This data could be prospect data, current client/customer data or lapsed customer data. It is very important to know the nature and type of data you hold, so you know whether it needs to be deleted by May 2018.

Where did the personal data come from?

Did you receive the data directly from the individual, from customers, third-party bought data, through online cookies or data from profiling?

How do you use this data?

Do you sell the data on to third-parties, share personal data with data processors or store the data in a non-EU country?

These 3 questions will start to give you a clear analysis of the personal data your business stores and processes, and is the first step of confronting GDPR compliance.

For a free comprehensive analysis, Google ‘ICO and Free GDPR self assessment tool’. Make sure you click on the Information Commissioners site (ICO.ORG.UK) and answer the questionnaire.

A GDPR compliance audit isn’t designed to pick fault

It will allow your business to grow and gain trust, which in effect will allow you to target the right customers.

What if you don’t complete a successful audit?

By not completing a successful audit you are allowing your business to be completely unprepared for GDPR, leaving you at higher risk of potential fines and for your reputation to be damaged. You will not know what data needs to be deleted and what data will need re-permission. Don’t leave it to chance.

How can we help you?

Griffin House Consultancy can provide your business with a GDPR compliance audit and GDPR gap analysis. We supply experienced, qualified and friendly auditors who can support you in the process of preparing for the new regime. Whether this is on specific departments, individual offices or across your entire organisation, we will prepare you.

If you would like honest and clear guidance throughout the transition, please give us a call on 01673 885533 or email enquires@griffinhouseconsultancy.co.uk.