The deadline for GDPR has now passed, but I am still being asked regularly about this topic, and of course it will be something under constant review moving forward.
For most people, the idea of where to start for their business was daunting, and that was part of the problem: too much time was spent thinking about it rather than actioning it. The ICO website is actually a good place to research specific areas now.
We are not GDPR experts, but of course we have been through the process with our business, so we have a few tips to share with regard to a starting point at least.
A good way of starting this is to think about your systems and what you do with a customer, from signing them up, to providing the service to them, to what happens with the data when they are no longer a customer.
Finally, how do you and your team access and send information? As we all know, email is easily hackable, so we need to be very careful about what is sent this way. If you store the data on a system, do people need a password to access it, and is it mandatory to change it regularly? Do they access work emails on their mobile? Do they have a password to get onto their phone? If you keep paper copies of information, do you have a clear desk policy? Is the information kept in locked drawers?
These are simple things that can be put in place and documented, and at least you will have made a positive start on showing that you are complying with the legislation.