Setting up a new business can be a daunting task: there is so much to do, and each job seems bigger than the next. The requirements for data protection compliance are often underestimated, overlooked or delayed as other elements take priority.

Yet all businesses, no matter how big or small, use personal information. Data protection is more than a tick-box exercise. It is about establishing a system of work practices, policies and procedures that meet your responsibilities under GDPR. It is about enabling you to identify and respond to issues such as data breaches and data subject access requests. It is about developing a strong culture of data protection. It is about being able to mitigate risks to protect your business.

As well as protecting the personal data of your customers and clients, it is vital that your business is protected by ensuring you are compliant. After all, you don’t want all your hard work to be diminished by a data breach, or your reputation to be damaged by failing to respond to a Data Subject Access Request in the appropriate manner.

Consider now all the businesses that process your personal data. How would you feel if they were not compliant with GDPR? Would you still choose them?

There is no better time than now to start your Data Protection process.

See the Resources section for all the tools you need on your GDPR Compliance Journey.

So where do you start? Here are some practical tips to get you on your way.

  • Set up an Excel sheet and map out the personal data that you will be collecting in your business. You’ll probably find you have more than you first thought. If you need help with this, check out the Data Mapping guides in the Resources section.
  • If you can, separate your work and personal devices. As well as allowing you to have a work-life balance, this can reduce the risk of accidental data loss or a data breach.
  • No matter what device you use, invest in safeguards such as anti-virus software to protect against cyber-attacks. Also check your phones for factory settings such as encryption and remote wipe.
  • Purchase a commercial email account, such as through Office 365 or G Suite. While free email accounts are, well, free, they often do not have the same level of protection as those that are paid for.
  • Read the privacy policies of any third-party service providers that you are using – and make sure that you understand them.
  • Make sure you know your responsibilities as a data controller. No matter whether you are a sole trader, a limited company, a not-for-profit or something in between, you are responsible for the personal data in your business. Read the guidance on and make sure you can meet your responsibilities.

  • If in doubt, ask. GDPR and data protection are wide, varied and complex. If you are not sure about something, ask a professional for advice.