Case Study #2


A small business with multiple customers, including landlords who pass on tenants' details. Mobile workforce and some use of sub-contractors. Shares customer details with the Gas Safe Register, warranty providers and accountants. Shares employee data with HR and payroll providers.
Customer orders and proof of work.
Website with 'contact us' form. Google analytics and Facebook Ads.
Privacy policy required on website.
Customer data on mobile phones. Security breach or cyber attack. No backup of customer records. Low awareness of GDPR and exposing customer data.
Do you collect data to market or advertise? Do you have any data that is not necessary for conducting your business (name, address, phone number is necessary; date of birth, marital status, probably not necessary)? Review what you currently do and re-evaluate what's necessary in order to carry out your business.

Do you intend to sell or share this data with a third party? You need to be transparent about data sharing.

Are your IT systems and internal procedures adequate to protect the data? A firewall, anti-virus and good password management would be expected under the GDPR. Two-factor authentication on your email would be essential. Essentially, you need to be able to demonstrate that you have put in place good organisational and technical measures. More importantly, what business can afford to lose all its records as a result of cybercrime?

Do you have a system for deleting old records? Put in place a plan for deleting data that is no longer required.

What systems and rules are in place for workplace versus personal phones that store and process customer data? Training and awareness are your best defence when it comes to GDPR and data protection.

Finally, publish your Privacy Policy setting out what customer data you store and process, and why, where and how you do so. Set out for your customers how they can exercise their rights under the GDPR. Gaining customer trust and acting ethically is good for business.

Chances are you already have good systems and processes in place. We can help fix any gaps, and provide you with the documents and policies to demonstrate you're GDPR compliant.