Are you sure your business is GDPR compliant?

>Download our guide on data privacy in business

If you are like us, you probably reached GDPR fatigue a long time ago, and who knew that so many businesses were your friends, many you had never even heard of!

GDPR is not the new Millennium Bug - GDPR is here to stay and MUST be taken seriously as it impacts on every business in the United Kingdom.

With fines of £18,000,000 and, under the new Data Protection Act 2018, directors held personally liable to pay those fines, the time to act is definitely now.

Whilst most businesses will not face fines of £18 million, what level of fine would hurt your business? Would it be £50,000, £100,000 or higher than that? Would your directors want to pay that out of their own pockets whatever that fine was?

Accounting issues

Many businesses should have registered with the Information Commissioner's Office (ICO) to legally have personal data (for example, no matter how small the business, if CCTV was used on business premises that business had to register) but very few did. That means all the personal data was illegally collected.

Separately, if no Privacy Notice was given at each collection point then it was unlawfully collected.

Additionally, we have seen that businesses which "borrowed" someone else's Privacy Notice have ended up being fined, as they did something with personal data that was not in their Privacy Notice. We are not talking about Cambridge Analytica / Facebook, but businesses a lot smaller than that.
Each of these failures means each past and present customer has a claim as of right.

Accounting Consequences

This applies to those businesses that either:
(a) were not registered with the Information Commissioner under the 1998 Data Protection Act but should have been (were you registered?); or
(b) did not give a Privacy Notice at every point of collection of personal data (website, form, app, call) (did you?).

Those failures mean each past and present customer automatically has a claim, of a minimum of £1,000. Article 82 GDPR enshrines claims for related distress so there is no escape.

Due to the accounting rules, the existence of potential claims means that accountants will, or should, consider recording provisions in the accounts.

Provisions of even £1,000 per past and present customer will be a lot for any business. It could mean that no dividends are paid out until those provisions wash through.

DataGuardsman—Setting the standard in GDPR compliance

It is not easy to comply with the requirements of 262 pages of text, 99 rules and 6 Principles. How do you ensure you are doing what is needed to run your business safely? The solution is DataGuardsman.

What is DataGuardsman?

This web-based system was designed by legal experts and tested by real businesses to make it as simple to use as possible. Sign up, log in securely and work through bite-sized modules at your own pace, at a time to suit you.

DataGuardsman asks users to answer simple questions about their business and intuitively produces policies, documents and, where necessary, a task list for you to complete. Updates are also issued as the law changes, making sure users remain protected and well informed.

Once all the modules have been completed, the DataGuardsman seal will be issued for your business to use on documents and websites, plus an additional £250,000 of insurance against fines to protect directors and business owners.

Protect your business with GDPR and Cyber Security options

Option 1: Brookland Protect – Raising the standard with training

Making sure that your business is fit to trade is one thing, but if you have staff it is important that they are aware of how to manage data, promote the business safely and avoid potentially costly data breaches, privacy claims or ICO fines.

Providing unlimited access to Cyber Security and GDPR training through online learning solutions is an efficient, cost-effective and easy way to make sure that your team are well informed. It also provides you with clear guidance and knowledge as well as complete peace of mind in the complex world of online security.

GDPR Protect includes a DataGuardsman subscription and online certified courses at Employee, Foundation and Practitioner level covering topics such as ePrivacy, Cyber Security Awareness, Malware and Phishing, Fraud Prevention and Internet, Email and Social Media Safety.

Cost £99 + VAT per month (minimum 24 month contract).

Option 2: Brookland Protect Ultimate – Security, training, compliance and software solutions

In addition to the GDPR Protect service, the very latest software solutions can be added to give practical protection immediately – a privacy and security package including Mobile Device Management, Email Encryption, Web Filtering and Multi-Factor Authentication has been designed to provide security and peace of mind for SMEs.

Cost £99 + VAT per month PLUS £25 + VAT per user (minimum 24 month contract).
Example: a 5 staff business = £224 + VAT per month.

N.B. A one-off technical set-up charge will be due when the software installation occurs; this will be quoted on a client-by-client basis subject to system requirements and numbers.

If you would like any further information on any of these options please contact the office on 01932 830664 or email


Phil Grainger
Managing Director and Partner