GDPR & Data Protection for Small Businesses

Understand GDPR obligations for small businesses: lawful basis, data rights, security, breaches and retention.

Lawful basis Data rights Security & vendors

GDPR essentials for SMEs

Lawful basis & transparency

Choose a lawful basis (contract, consent, legitimate interests, etc.).
Provide clear privacy information to data subjects.
Keep records of processing activities.

Individual rights

Access, rectification, erasure, portability.
Restriction and objection, including marketing.
Respond within one month; verify identity.

Security & breaches

Use appropriate technical and organisational measures.
Have a breach response plan; notify ICO where required.
Data processing agreements with suppliers.

Quick GDPR checklist

Map personal data and processing purposes.
Document retention periods and deletion routines.
Enable subject access requests and verification.
Assess risks and, if needed, complete DPIAs.