Data protection compliance

data protection regulations
We want that too

We are on your side and aim to lessen the burden on small and medium sized organisations in complying with Data Protection regulations. 

So…let’s keep it simple

What is the minimum you probably need to become compliant

1.Training of employees in Data Protection

2. The data you hold:

  • why you have it
  • what you do with it
  • who sees it
  • where it is kept

3. Your role – are a Data Controller, Data Processor or both (highly likely)

4. Put the essential Data Protection operational policies and procedures in place

5. Communicate to clients, employees, suppliers

6. Register with the Information Commissioners Office (probably) check here 

7. Decide who will be responsible for Data Protection within your organisation

Now, how to do what needs to be done for your organisation

– Provide online or onsite training for employees and staff members responsible for Data Protection

– Perform a Data Inventory or Data Audit – same thing, different word – simply, by using MS Excel

– Review certain contracts based on your role:

  • with employees (they are your responsibility)
  • with contractors (they may be your Data Processors)
  • with clients (if they have not already asked you)
  • with suppliers (they may be your Data Processors)

– Produce essential procedural documentation outlining how you deal with Data Protection:

  • Subject Access requests
  • Data Breaches
  • Data Security
  • Consent
  • Privacy Notice/s
  • Data Protection Policy

– Decide how, what and when to tell everyone about your commitment to Data Protection

– Register with the ICO, if necessary, and pay a fee, the amount for SME’s is £40 – £60 per annum

– Appoint a Data Protection Officer (possibly), even if this role is not required by law:

  • Someone needs to be responsible for Data Protection compliance in your organisation
Compliant?  Now what?

Put your feet up and relax.  For now.

– Make sure you have access to Data Protection guidance and information when you need it

– Ensure the person responsible for Data Protection in your organisation is properly trained

– Consider outsourcing the role for Data Protection activities (if your resources are already too busy)

– Review your operations annually, perhaps even request an audit

– Introducing new products or services?  These need to be assessed for Data Protection compliance


If you need help with becoming Data Protection compliant, contact us and we’ll be delighted to help.

Be Data Smart.  Be  Compliant.
Data protection is here to stay.


Data Protection 4 Business
Service Type
Data Protection 4 Business
Provider Name
DPO4 Business,
We are on your side and aim to lessen the burden on small and medium sized organisations in complying with Data Protection regulations and GDPR compliance.