Showcasing the Best of Welsh Business

GDPR – General Data Protection Regulation


This article has been submitted by Business Doctors

Businesses are generating data at a staggering pace. With more and more files in their possession, so the number of breaches and near misses increase.

According to digital security company Gemalto there were 974 publicly disclosed data breaches during the first half of 2016, which led to the theft or loss of 554 million data records.

Members of the public are rightly concerned about the potential risks of such a breach if a company or organisation is holding personal information about them.

GDPR (General Data Protection Regulation) is the biggest change in data privacy regulation in two decades and it affects businesses of all sizes and in every sector, including SMEs. It has been devised to protect data privacy and standardise data protection laws across Europe.

Enforced on 25 May 2018, heavy fines will be handed out – up to four percent of annual turnover – for companies that do not comply.

GDPR for SMEs in simple terms

  • GDPR broadens the scope of personal privacy laws to protect the data rights of EU citizens.
  • Individuals will have greater control over who holds data relating to them, and how it can be used.
  • After the legislation comes into play next year, organisations will have to report data breaches within 72 hours.
  • There will be more stringent rules for obtaining consent from individuals on how their data can be used.

GDPR applies to personal data that resides anywhere within an organisation. Its impact will be felt by every area of a small or medium sized business.

Some kinds of small businesses will be affected more than others by the introduction of GDPR. For example online retailers, social networking sites and other internet-based companies are amongst those that will need to do the most preparation for GDPR. Other sectors that would do well to get their houses in order well ahead of time include the financial services sector, retailers, the communications industry and healthcare.

Identification is key

Ahead of next May, every SME needs to undertake a full internal review to begin to unlock what is required.

The review needs to include:

  • What types of personally identifiable information do you hold?
  • Where are they located?
  • What level of security is required?
  • Who has access?
  • How will the data be used?
  • Do you have consent to use the data you hold?

GDPR is about more than just data being secure. It’s about capturing the context of data and being able to prove everything is being done to protect the subject’s data and the rights of the subject themselves.

Governance is paramount

For an SME to be truly ready for GDPR, they need to:

  • Have business-wide policies in place.
  • Communicate the rules in a way that all staff understand.
  • Have data assets fully recorded.
  • Be aware of data context
  • Knowing data and understanding its context allows for easy reporting
  • Accountability: covers the whole organisation, cross referencing those who control data.
  • Responsibility: data protection should be a standing agenda item for senior management and board meetings

Set up internal controls

Strong internal controls can help an SME to ensure that they do not fall foul of the new GDPR legislation:

  • Records held of all data sources and locations.
  • Documented authorisations and access levels within organisation.
  • Revise staff hand book/policy to address what is needed.
  • Allocated roles and responsibilities for everyone that touches data.

First and foremost, you need to plan for what needs to happen within business, charity or organisation to ensure future GDPR compliance.

Whatever Brexit looks like, UK enterprises that sell goods or services to other EU countries will need to comply with the new legislation. Whether England, Scotland, Wales and Northern Ireland will retain GDPR in a post-Brexit world, we don’t yet know. But the UK government has indicated that if they ditch the new rule, something similar will be established in its place.

So sitting back and doing nothing is not an option. Small businesses need to be preparing themselves for tighter data regulations right now – whether in the form of GDPR or something else.

More information about GDPR for SMEs



I am a full time business troubleshooter and advisor to business owners and SEM decision making teams.

Able to bring determination, confidence and creativity to each and every challenge by drawing on:
– 32 Years in Commercial & Business Banking dealing with businesses operating in all sectors and in all markets.
– 6 Years as Director of South Wales & Mid Wales Chamber of Commerce which placed me in contact with business owners and their professional advisors.
– Building the NatWest Business Development Team with specific focus on sectors and intermediaries.
– Extensive network & contact base.
– Board/Committee membership with Chairman experience.
– Responsibility for leadership & management of UK wide Teams and up to 3,500 staff.

I have been fortunate to work with some fantastic people throughout my career and assisting individuals and teams to achieve their true potencial has been very important to me.

My principles are very much based on hard work and determination which will be at the heart of most business successes.


Business Doctors is a support network dedicated to helping small and medium sized businesses fulfil their potential.

We’re experienced business people who offer hands-on support to SME owners, enabling them to overcome their individual challenges and helping them to achieve their aspirations for growth.

Business Doctors is not a business consultancy, nor are we traditional management consultants. Our approach means getting into the inner workings of your company, providing practical advice every step of the way. Expect us to step off the sidelines and get involved, because we know from experience that this is what it takes to help you achieve your vision.

We have helped develop and transform hundreds of companies across a spectrum of industries, filling a gap in the market between the big four consultancies and specialist individuals. Our holistic approach and alignment to government funded support programmes has helped us to become the fastest growing business support network in the UK. Connect with your local Business Doctor here.


Related Articles