20 Quick GDPR Tips for the Business Owner

Leyla Hayes-Wright • Apr 05, 2018

A simple list to provide focus for readying your business for GDPR compliance!

There is a vast amount of information available now for the upcoming GDPR changes in May, and there are some really useful resources! However, many business owners are still unsure where to begin, or do not truly understand what needs to be considered in terms of their processes and the data they hold. Below we have highlighted a quick GDPR tip list of areas that all business owners should review:


20 Quick tips!

  1. Get up to date with the basics of GDPR. Read up on the 8 rights of the individual and the 6 principles that an organisation should abide by
  2. Be mindful of the new fines if you breach the regulations: 20 million euros or 4% of turnover
  3. Register with the Data Protection Act via the ICO: https://ico.org.uk/for-organisations/register/
  4. Get a GDPR specialist / business lawyer to provide you with / write up your legal policies and templates
  5. Have a Data Protection Policy and a website Privacy Policy
  6. Update your privacy notice in your contracts, information to your subscribers, employee notices, email footers, marketing material, etc, as relevant
  7. Consider obtaining cyber security insurance
  8. Assess the security on your IT equipment and hard copy filing practices. Do you need to have added encryption, passwords, etc?
  9. Appoint a Data Protection Officer – if applicable to your organisation
  10. Know who the Data Controller is and who the Data Processors are in your business! If you are self-employed, you will act as both. Know what the responsibilities are of these roles!
  11. If you use freelancers, such as associate psychologists / coaches or a virtual assistant, ensure you as a Data Controller have a processor agreement / contract in place and you undertake due diligence that they are compliant
  12. Undertake a data audit of the files your business has – understand the information you hold in your business and how it has been collected. This includes ALL data stored on laptops, PCs, USB sticks, smartphones, etc. Identify the gaps that could cause a problem in the future and close them! Create an Action Plan from the gaps you identified. Fixing these loopholes will get you closer to GDPR compliance
  13. Know how long you are required to hold data for! For example, there are some legal bases for the records held which have different legal durations, such as with personnel records, audited financial statements, etc.
  14. What is your legal basis for processing data? Start evidencing this. There are 6 different legal bases, with consent being just one of them. Do you need to make an impact assessment on your data? For example, if you process data as part of a legitimate interest, have you done a legitimate interest assessment? Learn more about the different legal bases for processing information here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-bas...
  15. When you gained consent for holding a person’s personal data, was it done in a granular way? You can no longer bundle consent together within one tick box. Do you need to get fresh consent? Do you have a process for managing opt-outs?
  16. Are you transferring data to third parties outside of the EEA, such as via US based software? If so, are these on the EU – US Privacy Shield register? https://www.privacyshield.gov/list
  17. Do you process sensitive personal data (known as special category data)? Have you gained explicit consent for processing this? Check the list here to see if the data you hold is sensitive: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-bas...
  18. Are your marketing practices in line with the GDPR regulations?
  19. Are you prepared for how you will handle a Subject Access Request or a data breach in your organisation?
  20. If you employ staff, do they need training in GDPR?

    This is a simple list to provide focus with your GDPR compliance for your business. Please note that ExecutiveVA are not legal experts; however, we are able to help with any administrative tasks you require as part of implementing your new processes. Please ask a GDPR expert to help you with your compliance checks and legal policies. For more information about the regulations, please refer to the ICO’s website:

    https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/




    M: 07511 534051

    E: leyla@executiveva.co.uk
