ICO have produced a very helpful document to help Micro Businesses (less than 10 staff) and Sole Traders comply with GDPR.


There are 8 steps:

1. Know the law is changing – which you now do, so that’s one thing you’ve done already!

2. Make sure you have a record of the personal data you hold and why.

3. Identify why you have personal data and how you use it.

4. Have a plan in case people ask about their rights regarding the personal information you hold about them.

5 . Ask yourself: before I collect their data, do I clearly tell people why I need it and how I will use it? 

6. Check your security. This can include locking filing cabinets and password-protecting any of your devices and cloud storage that hold your staff or customers’ personal data.

7. Develop a process to make sure you know what to do if you breach data protection rules.

8. Don’t panic: they’re here to help. For example, you can see some frequently asked questions and their answers for several different business sectors. 


Find out more about each of these steps.