GDPR Advice for SMBs


Help and advice for SMBs regarding the fast-approaching GDPR

Are you the owner of an SMB wondering how the new GDPR changes will affect your business? You are not alone: small and medium-sized companies across Europe are trying to understand how the new regulations will impact their business.

It is often thought that significant changes such as the new GDPR are targeted at larger organisations. However, these new guidelines apply to every business operating across the EU, so SMBs should be seeking GDPR advice as a matter of urgency.

What steps should SMBs take?

We would recommend that those responsible for data protection within their organisation (often the owners, for SMBs) seek GDPR advice from a specialist. This will ensure that they are following the relevant steps to become GDPR compliant.

However, as a general guide, the following are some key examples of activities that should be carried out before the 25th May 2018 deadline:

  • The first step is to carry out a full audit of your business, assessing how personal data is collected, used and stored within your organisation.
  • Make all staff members aware of the new regulations and train them on any changes that will be occurring within their day-to-day role.
  • Update your business’ privacy policy and website so they are GDPR compliant. Also consider whether you need to gain consent from existing customers to hold their personal data, and how this will be achieved.
  • Does your business use third-party data handlers? You will need to gain information from them to confirm that they are GDPR compliant too.
  • Speak to your IT partner about the security of your network and whether there are improvements that can be made to existing systems in terms of data protection.
  • As you hold personal data about your employees, this also needs to be reviewed against the GDPR guidelines. In some circumstances it may be advisable to seek legal GDPR advice on this matter.
  • All SMBs are required to have a data breach plan, and in the event of a breach this should be reported to the relevant authorities within 72 hours.
  • Depending on your service offering, you may consider working with a Data Protection Officer (DPO), who is responsible for ensuring data protection for your organisation moving forward. This person does not have to be an employee and can be an outsourced member of the team instead.

This is not an exhaustive list. If you partner with a GDPR specialist, they will be able to tailor advice to your business.

We provide GDPR advice

We are working with clients across the UK offering GDPR advice in light of the regulations coming into effect from 25th May 2018. We have the skillset and knowledge to ensure that your business is compliant and avoids fines of up to €20 million.

For more information on how we can help your business and offer our specialist GDPR advice, simply call our office on 01282 500770 or email us at and we’ll be in touch with you as soon as possible.