GDPR - the basics

Whatever size of business you operate, if it uses the personal data of clients or employees, you must be GDPR compliant. 

This also often applies to non-commercial organisations such as schools, charities and religious groups.

Compliance for a small organisation needn't be complicated or onerous, but it's important to get the basic elements right.

  • You probably need a privacy notice to tell your clients and employees how you process their personal data. Have you got one? Is it accurate? You can read more about this requirement here.

  • Have you registered with the Information Commissioner's Office? If not, have you checked whether you should?