BT Business Direct - PC Hardware, Components, Software, Digital Cameras, MP3 players
BT logo
Buy Products


You may think that GDPR doesn’t apply to small businesses because data breaches and hacking are considered less common for businesses with fewer staff or data. This isn't true. Businesses tend to store a lot of data that they don’t even know about and the security of smaller businesses can be weaker due to mobile workers and Bring Your Own Device programmes. No matter the size of your business, whether it’s a one-man band or an office of 250, you must protect your data.

What you need to know

Businesses need to be aware of GDPR and what they need to do to make sure they’re compliant. On 25th May 2018 legislation on how you process, store, use and dispose of your data changed drastically. The Data Protection Act is changed to the General Data Protection Regulation and you and your business MUST comply. Since GDPR came into play, it's your responsibility to ensure that data is kept and managed in compliance with this new regulation, or you could face serious consequences. GDPR increases the responsibility businesses have to inform clients and customers about how their data is being used and by whom.

GDPR became a chargeable law May 25th 2018

There will be fines of up to €20 million or 4% of revenue1

If you don't comply, your businesses reputation could be affected

You will need to appoint a Data Protection Officer

Why you need to comply

Failure to comply could lead to fines of up to 20 million euros or 4% of your global revenue, whichever is higher. More importantly, as well as fines, your reputation could be seriously affected. If your client or customer data is lost or stolen, and ends up in the wrong hands, your business takings could drop and reputation could be damaged. The latest YouGov poll, commissioned by the ICO, showed 77% of customers would stop or consider stopping using a company’s services if there was a data breach.2

It’s important to ensure you comply with the new regulations.

The GDPR will still apply after Brexit

You have 72 hours to report a data breach to the ICO

You must be able to prove compliance

The GDPR replaces the Data Protection Act

What you need to do next

Appoint a Data Protection Officer eye

You’ll need to appoint a Data Protection Officer who’ll be responsible for monitoring and enforcing GDPR policies and procedures. You can hire internally and combine the duties of a Data Protection Officer with another role. However, the person appointed must be completely impartial so those who work in IT, HR or Finance, as they have access to a lot of data, may not be the best choice.

Research what GDPR means for you eye

There are lots of resources online that can keep you up to date with GDPR. The ICO has a variety of information, including a new self-assessment tool. You can complete a form to see where you’re up to on your GDPR compliance journey and what you need to do next.

Check your data and how you store it eye

In order to be in control of your data, you must know:

  • What data you hold
  • How long you’ve held it for
  • And how it’s stored

The data you hold should be secured and encrypted to make sure it doesn’t end up in the wrong hands. You may also find that you’re storing data you don’t need or that has expired (passed the date of how long you should keep it). In this case, you must find a way to dispose of it securely and we can help you with this.

More info

Choose the right technology eye

We can work with you to ensure that your network, the devices you’re using and your security infrastructure are as secure as they can be. We have a range of recommended secure devices that will make sure you have the best defences when it comes to hackers.

More info

Update your privacy notices eye

Under the GDPR you must be transparent with your customers and those that you hold data of. You must make it clear what data you hold, how it is held and what it is being used for. You can do this really easily with a privacy notice. If you have them already, they may just need updating. There are some good and bad examples of privacy notices on the ICO website.

More info

Encrypt your data eye

Again, there are several ways you can encrypt your data. We can recommend the best ways to do so and this way you’re adding another defensive layer to your system.

More info

Plan for continuous compliance eye

You need to make sure that your business and staff are being compliant in everything they do, from handling data to using it or disposing of it. You need to make a robust plan of how you’re going to maintain compliance and not forget about new procedures.

Know the customer and staff rights:

Under GDPR, the personal data you hold or process about a living person gives them the following rights:

  • The right to be informed – you must tell them what data is used, why and for what purpose
  • The right of access – customers, staff and partners/ associates are allowed to see what data of theirs is processed
  • The right of rectification – if their data is wrong, you must correct it
  • The right to erasure – they can demand that you delete all their data
  • The right to data portability – they can decide to move their data to another processor, which you then must supply the data to securely
  • The right to object – they can object to your use of their data and you must stop using it
  • Rights in relation to automated decision-making or profiling – they can demand that automated decisions about them are reviewed by a human

Secure your devices: 95% of data breaches originate from the end-point3

Secure your network

More info

Register for our FREE GDPR webinar

If you’re feeling overwhelmed with getting ready for GDPR,
let us break it down for you. We’ll give you real world examples
to help guide you through your preparations

Learn more

Also, why not request a copy of our FREE GDPR whitepaper

Learn more

View things you need to know

  1. Source:
  2. Source:
  3. Source: Data Breach Investigations Report 2016
  4. Up to 13.5 hours of video playback. Testing conducted by Microsoft in April 2017 using preproduction Intel Core i5, 256GB, 8 GB RAM device. Testing consisted of full battery discharge during video playback. All settings were default except: Wi-Fi was associated with a network and Auto-Brightness disabled. Battery life varies significantly with settings, usage and other factors.
  5. Knox refers to the free-of-charge built-in Knox security platform and the accompanying optional paid Knox solutions.

Verified by visa Mastercard secure Waste of Electrical and Electronic Equipment (WEEE) Directive