GDPR – what your business needs to know

GDPR deadline looms

What is all the fuss about GDPR? Put simply, the General Data Regulation Protection (GDPR) puts personal data back in the hands of the individual who owns it.

Unless your living under a rock, you’ll have heard a lot recently about the EU’s General Data Protection Regulation (GDPR). It’s an important piece of legislation, yet some people still aren’t sure what it’s about. Also, many businesses and organisations are under-prepared. However, with less than three weeks to the deadline for compliance on the 25th May, here’s what you need to know:

Just what is GDPR?

If you’re one of the many people that doesn’t understand the concept behind GDPR, you don’t need to swim through pages and pages of legal text. GDPR puts personal data back in the hands of the individual who owns it. It also ensures organisations are clear and honest about how they handle personal data.

How do you handle personal data?

Only collect personal data that you need and only store it for as long as you need it. You have certain key responsibilities in relation to the information which you keep on computer, or in a structured manual file about individuals. These can be summarised in terms of eight ‘Rules’ which you must follow, according to

You must:

  1. Obtain and process the information fairly
  2. Keep it only for one or more specified and lawful purposes
  3. Process it only in ways compatible with the purposes for which it was given to you initially
  4. Keep it safe and secure
  5. Keep it accurate and up-to-date
  6. Ensure that it is adequate, relevant and not excessive
  7. Retain it no longer than is necessary for the specified purpose or purposes
  8. Give a copy of his/her personal data to any individual, on request.


These provisions are binding on every data controller. Any failure to observe them would be a breach of the Act.

Check data storage systems are secure

Don’t store personal data unencrypted on a USB stick, for example; or leave it on an unsecured web server. Data breaches can lead to big fines under the regulation, so keep it secure, encrypted and safe from prying eyes.

Who is responsible for data protection at work?

You need to appoint someone within your company to take charge of data compliance. They must be properly trained and briefed on their obligations. This person could be a Data Protection Officer – if you’re required to appoint one – depending on the nature of your organisation. Certain data controllers are required to register with the Data Protection Commissioner.

Treat personal data with care and respect

This is the simplest part of the whole thing. How would you want your personal data treated? Treat any personal data you collect the same way. There will be consequences for non-compliance with GDPR, including fines up to €20 million.

If you’ve started thinking about GDPR and have good practices in place, none of this should be a huge problem. But if not, don’t panic, but make sure you take action now to get your business in order.


Small Business Advice

Small Business Advice is a free and confidential advice service offered by Ireland’s business community to help businesses grow. 1250 small businesses have benefited from the Small Business Advice Programme.

For more information call 021 421 1433 or Apply Online today


  • Margaret Fahy

    Hi, we are a property maintenance company with 20 staff members, both office based and on the road. I want to make sure that the company is GDPR compliant as we would have telephone numbers etc of tenants/landlords and am looking to see what documentation I should have on file to ensure we are GDPR compliant.

    Kind regards

    Margaret Fahy

  • Hello!
    We are also a small business, but I want to make sure we have all the processes GDPR compliant so will appreciate some help!

    Kind regards,
    Irina Sergeeva

Leave a Reply