The EU General Data Protection Regulation (GDPR) applies to all organisations handling data of EU citizens. Regardless of size or sector, businesses are responsible for, and should be able to demonstrate, how they are operating in line with the core principles of data protection. This also includes having “appropriate technical or organisational measures” in place to secure personal data from unauthorized access, accidental loss, destruction or damage – this relates to the security principle of data protection.
Given the changes to how businesses are operating during this period of lock-down, particularly with remote working, it is even more important that organisations are clear about their responsibilities and have structures in place to protect the personal information they hold.
Our aim is to help small businesses with their GDPR compliance, whether that be by way of information & advice, documentation, assessment or training
How do we do this?
We can deliver an online GDPR and data security awareness session for your business, to help you understand your data protection obligations and the measures you should have in place to protect the data you hold. Depending on your requirements, we can then develop bespoke tools and documentation for your organisation, such as your Record of Data Processing, Privacy Notice(s), Data Protection Policy, Subject Access Request process, Data Processing Agreements etc.