General GDPR query for small business with three employees

  • Thread starter Deleted member 306237

Deleted member 306237

Hi there,

My name is Ian, and I have a small Audio Visual installation business with two other people.
We install audio visual equipment in customers' homes, and invoice them for the work. We use Google Gmail for Business for our emails to customers and Xero Accounting Software to raise invoices. Both of these services are Cloud based.
We don't share customers' personal details with third party companies.
I've been reading into what might be required to ensure we comply with the imminent GDPR. It's a bit of a minefield, with lots of links to employing the services of a DPO, etc. Obviously we just don't want to pay out unnecessarily for anything, but I just need to ensure we comply. Google Gmail and Xero will both be fully compliant, so I'm wondering what is left for us to do?
Any guidance as to the best thing to do would be much appreciated.

Regards
Ian
 

Simon Plummer

Free Member
Hi Ian, You will only need to employ a DPO or pay for DPO services if you process significant amounts of data. Obviously the term 'significant' is subjective. However, from what you have said, I doubt you come into that category. If unsure, you could try asking the ICO on the off-chance you get a response.

I know that Google now ask for you to 'tick the box' if you want the GDPR model clauses included in the terms (for Google Apps/Google for Business) so that is fine. Not sure about Xero, but as long as the same actions are taken I don't see a problem.

What you need to ensure is that you know where the data is - if either of these services (who will be classed as a data processor) process this data outside of the EEA then you need to ensure that your documentation/privacy statements advise this. Your privacy statement needs to be clear and transparent (loads of guidance on the net) and easily available (on your website?). Make sure you document why you process the data, what it is for, how long you keep it and the 'lawful basis for processing' (again guidance on the net for this).

Hope this helps!
 
Upvote 0
