9 Steps to prepare for GDPR

The General Data Protection Regulation (GDPR) comes into force on 25th May 2018, with significant fines of up to 4% of annual global turnover for non-compliance, so it is definitely better to be proactive rather than reactive with this one.

“Small businesses need to get ready for the introduction of General Data Protection Regulation.”

Mike Cherry, Federation of Small Businesses

The last thing you want is to be one of the first companies found to be non-compliant with the GDPR: as well as the monetary loss, this is likely to be newsworthy and therefore crippling to your company's reputation. So, what steps can you take to prepare?

Step 1. Create Awareness

Make sure the relevant people in your organisation, such as policy makers, understand the rules and implications of the GDPR and the necessity for full compliance.

Step 2. Review

Review and document all data processing activities and security processes within your company. This means a full data audit: be sure to identify the ‘what’, ‘why’, ‘when’ and ‘where’ of the data you hold.

Step 3. Assess the risks

When a new or existing data processing activity is likely to involve a high security risk, a ‘Privacy Impact Assessment’ is required to mitigate that risk.

Step 4. Identify needed measures

Identify what measures need to be taken regarding the current data processes and plan for any changes needed to achieve compliance.

Step 5. Identify key partners

Identify your joint controllers, processors and sub-processors and work with them to create instructions on how data should be handled.

Step 6. Review contracts and policies

Review existing contracts and privacy policies and amend where needed.

Step 7. Appoint a DPO

If you have over 250 employees, you will need to hire a qualified data protection officer.

Step 8. Consider a one stop shop option

Are you operating or processing data in multiple EU member states? If so, consider your one stop shop options to offer a uniform level of compliance.

Step 9. Inform and enforce

Inform third parties of, and enforce, changes to your policies, terms and conditions and contracts.


Avoid Reputational Damage

As well as the monetary loss, the reputational damage caused by being found in breach of the incoming GDPR legislation would be significant.

There are two ways we can help you avoid this:

GDPR compliance check

One of our auditors will visit your business and take you through the key elements and changes, as well as the Action Plan we’ve designed to help interpret the GDPR legislation into straightforward actions.

GDPR Knowledge and Awareness e-learning course

Our online course is efficient and effective. Taking only 60 to 90 minutes to complete, this e-learning will raise awareness of the risks and impact of the GDPR across all stakeholders in your organisation.
