GDPR comes into force in May 2018, and failure to comply can result in a fine of up to €20m or 4% of the business's annual turnover.
To help small businesses prepare for the changes we have listed some things to consider below:
- Have an understanding of what personal data is, namely name, email address, phone number, address, bank account number, driving and/or passport numbers, genetic or biometric data.
- Consider whether or not you need to store this data and why.
- Clear out old data
- Deal with GDPR on a daily basis
- Have in place a policy, through your data protection officer, to deal with any breach.
- Share information with the team, arrange for training and awareness of any issues
- Remember there is a ‘right to be forgotten policy’. If someone wants their data to be deleted, make sure you can demonstrate you have done so.
- Consider whether you need a system to identify the age of a person and whether you need parental or guardian consent.
- Make sure you can identify who you can market to and that you have clear consent, as consent can no longer be assumed.
- Adopt a secure framework for information protection.
- Be aware of the enhanced rights of data subjects; these are normally exercised through a data subject access request, which should, where possible, be dealt with within 14 days.