Start-up Series: How to be GDPR Compliant Without Breaking the Bank

July 14, 2020

By Siobhan Williams

Following the introduction of the GDPR in 2018, businesses must ensure they manage their data both effectively and legally.

For start-ups in particular, ensuring compliance with the GDPR is vital to engender trust from customers and clients, as well as to secure future investment and avoid potentially crippling fines for data protection breaches.

Siobhan Williams outlines some key steps for start-ups to ensure compliance with the GDPR:

  1. Conduct an internal data assessment. Think about what information you need to obtain from customers, clients and employees in order to provide your goods/services and to discharge your duties as an employer. Don’t forget to think about information you are obliged to obtain by any regulations or legislation you are subject to.

  2. Trim any excess. Think about your existing customer/client journey and what information you are already collecting from them. Are you habitually collecting personal information from people which you don’t use or need?

  3. Keep records. Make sure you keep a written audit trail of the data assessment you have conducted and the decisions you have made. Ensure you have a reasoned explanation of which of the 6 lawful bases you have for processing personal information. Take advice if you are unsure.

  4. Ensure you have data protection policies. You will likely need two policies: one which is customer/client facing, and one dealing with your employees. It is worth investing some resources here to ensure that you have a comprehensive and compliant policy.

  5. Think about your relationships with third parties. You might subcontract some services to third parties, or you might be acting as a data processor as part of the services you supply to your own clients and customers.  Make sure that your terms of business have up to date data protection provisions – if you are processing data on behalf of your clients, make sure you have appropriate warranties from them that they have the right to share the personal data with you.



Contact Our Team
Fflur Jones
Managing Partner
View Profile
Owen John
View Profile
Rachel Ford-Evans
Senior Associate
View Profile
Rhodri Evans
Senior Associate
View Profile
Siobhan Williams
Senior Associate
View Profile
Stephen Thompson
View Profile

I have worked with Darwin Gray for a number of years and the level of service, professionalism and timely response is second to none. I would highly recommend Darwin Gray to any business.”

Becs Beslee
Dice FM Ltd

Darwin Gray have provided us with a first-class service for many years now. They really take the time to understand our business and develop relationships which results in advice and support that is contextualised and effective.”

Rebecca Cooper
ACT Training

We have worked with Darwin Gray for several years and have always found their services and advice to be first class.”

Karen Gale
Stepping Stones Group

An extremely professional and sincere company who make time for your queries and understand the need to break down certain facts and information to ensure everything is understood perfectly. I would highly recommend the company to anyone looking for any type of legal advice”

Gwawr Booth
Portal Training Ltd

PSS has worked with Darwin Gray for many years. We have always received an excellent service. Prompt and professional advice and support.”

Ledia Shabani
Property Support Services UK Ltd

We have used several departments within DG recently and we have been very pleased with an effective, efficient and down to earth service. Very happy thus far and I expect that we will continue to use DG.”

Guto Bebb
Farmers’ Union of Wales

Darwin Gray offer us truly superb services. Very professional, quick and services available bilingually which is very important to us, highly recommend.”

Iwan Hywel
Mentrau Iaith Cymru

My “go to” in urgent and time sensitive cases for direction, support and advice. The team are quick to respond to calls or emails for advice and support on all matters. Always explain complex matters in a way a lay person can easily understand.”

Margot Adams
Guarding UK Ltd