
Still confused by GDPR? A step-by-step guide to compliance


As you are probably aware, the General Data Protection Regulation (GDPR) came into effect on the 25th May. The new regulations apply to all businesses in the UK and non-compliance can result in hefty fines.

GDPR – How does it affect your business?

Privacy is at the heart of the regulation. If your business suffers a data breach, you are required to report it and notify all individuals concerned. This is likely to not only cost you financially but also in terms of damage to your reputation.

There are a number of steps you should be taking to become GDPR compliant. Although the regulation is already in force, the ICO has indicated that leeway will be granted to businesses that can demonstrate they are working towards compliance. This will not last indefinitely, however, so it is crucial that you take action now.

All businesses in the UK are required to develop and execute an Action Plan to achieve compliance. To help with this, we have provided an outline of what the plan should look like below.

A GDPR Action Plan for your business

To ensure compliance, your plan should cover the following:

Step 1 – Lawfulness, fairness and transparency

  • Conduct a full information audit and create a data register
  • Identify lawful bases for processing data
  • Review how you ask for and record consent
  • Register with the ICO

Step 2 – Individuals’ Rights

  • Provide Privacy Notices to individuals
  • Develop processes to ensure data is up to date
  • Develop processes to respond to an individual’s requests (Subject Access Requests)

Step 3 – Accountability and Governance

  • Develop an appropriate data protection policy
  • Provide data protection awareness training for all staff
  • Develop a written contract for all data processors you use
  • Assess the need for Data Protection Impact Assessments (DPIA) and carry them out
  • Nominate a data protection lead and record this in your data register and data protection policies

Step 4 – Data Security, international transfers and breaches

  • Develop an information security policy supported by appropriate security measures
  • Develop a process to identify, report, manage and resolve any personal data breaches

GDPR Compliance for your business

Whilst you can develop this plan internally, you may not have the time, resources or expertise. If so, you may prefer to enlist the help of a GDPR specialist. For this reason, PCR has teamed up with a GDPR practice that specialises in compliance. Importantly, they recognise that every business has its own unique processes and requirements.

A qualified GDPR practitioner will provide you with cost-effective advice and expertise to guide you to compliance. With a range of services, they can deliver varying levels of involvement to assist you in the process.

If you would like more information on achieving GDPR compliance or to enlist the help of our GDPR practice partner, please get in touch.
