Three key tasks to stay GDPR compliant

18 December 2019

Datasense are delighted to be working with SEMLEP in delivering GDPR workshops for small businesses. We were at the Corby Innovation Hub on 27th November talking to businesses about what GDPR means for them. The three key tasks that every business needs to do to ensure GDPR compliance are:


1.  Registration with the ICO

If you are a data controller then you must register with the ICO (Information Commissioner's Office).


2.  Have a Privacy Policy at the point of data collection

A privacy policy must contain:

  • Details of the data controller (the name of the company who makes decisions about what happens to the data)
  • The purpose for which they are collecting data. This could be for marketing purposes, processing an order or recruitment.
  • The types of data you are processing (clearly stating which is personal/sensitive/criminal)
  • The types of data subject e.g. employee, customer
  • Where you got their data from (if it wasn’t directly from the data subject)
  • Details of any recipients of personal data
  • Details of any third country transfers
  • How long personal data is retained; this may vary depending on the type of data and any statutory requirements
  • Details of technical and organisational security measures in place


3. A Record of processing activity

This can be a spreadsheet or a Word document and contains details of all the personal data that you process along with:

  • Purpose of processing
  • Categories of individuals
  • Categories of personal data
  • Categories of recipients
  • International Transfers
  • Safeguards
  • Retention Schedule
  • Technical & organisational security measures
  • Lawful Basis
  • Condition for processing
  • Rights available


GDPR is not just about compliance; there are many benefits to your business from making sure that you are looking after your customer data:

  • Greater consumer confidence
  • Improved data security
  • Reduced data maintenance costs
  • Better decision-making

Thanks to the GDPR, your organisation’s data will become more consolidated, ensuring that your data is easier to use and you have a greater understanding of its underlying value. This insight will let your organisation learn more deeply about its customers and identify areas where customer needs are unmet. By using customer information effectively, your organisation will be able to make better decisions and consequently get a better return on its investments.