For many small businesses, especially sole-traders and Limited Liability Partnerships, it may only be necessary to produce and publish a clearly defined Data Protection Policy in order to be compliant.

However, merely declaring a policy will be deemed to be insufficient in the event of an investigation (which is only likely to happen following a data breach / compromise) unless there is hard evidence that adequate precautions were taken to implement the policy, including protecting all data that falls within the scope of GDPR – namely data that identifies a person either directly (full name, address, or photograph) or indirectly (IP address + Facebook handle and / or + characterisation of an individual).

Yes, we know… May is nearly here and the GDPR deadline is closing in fast. 

But as Corporal Jones said:

"Don't panic, Mr Mainwaring!"

So do you know what GDPR is? And are you prepared?