GDPR readiness toolkit for the SME sector

We will officially launch the new GDPR section at our Business Bytes event tomorrow (10 January). There is still time to book your place here to learn from Brendan Gavin and Sean O'Donnell of ByrneWallace how businesses can start their GDPR compliance process. The toolkit and a number of other GDPR publications are now available through our dedicated GDPR section on the SFA website which you can view at


The GDPR readiness toolkit is an ideal resource for SMEs to map out the personal data they currently hold, to document the lawful basis for collecting data and to detail the retention periods for each category of data. Some aspects of GDPR will be more relevant to your business than others, and the toolkit will help you determine the areas that will have the greatest impact on your business, those that are not relevant and the areas that need to be remedied in order to be GDPR compliant.


The toolkit contains a series of detailed questions on:

  • personal data
  • data subject rights
  • accuracy and retention
  • transparency requirements
  • other data controller obligations
  • data security
  • data breaches
  • international data transfers


To help you understand each of the sections, the Data Protection Commission also published GDPR and You – Preparing for 2018. This is a user-friendly guide to help you understand what GDPR entails. It has twelve sections that organisations need to be aware of in preparing for GDPR. These are:


  1. Becoming aware – this section discusses the need to be aware of the GDPR requirements and to understand what is required.
  2. Becoming accountable – this section advises how businesses need to conduct a GDPR audit of all the personal data they hold. We recommend that you avail of the downloadable GDPR readiness toolkit for SMEs that is on the SFA website.
  3. Communicating with staff and service users – this section looks at how best to communicate the data protection changes with staff, clients and suppliers.
  4. Personal privacy rights – this section looks at the rights that individuals have in terms of how their data is held, and the retention and deletion of data subject details.
  5. How will access requests change? – this section examines how data access requests should be managed to meet the shorter response timeframes under GDPR.
  6. What they mean by legal basis – this section outlines what legal basis means and how businesses need to define their legal basis for retaining data.
  7. Using customer consent as grounds to process data – this section advises businesses to review how they obtain consent from their data subjects.
  8. Processing children’s data – this section looks at the new requirements for processing data in relation to children and the requirement to obtain consent from an adult.
  9. Reporting data breaches – this section discusses what you should do in the event of a data breach and who to advise in the case of a serious data breach.
  10. Data Protection Impact Assessments (DPIA) and Data Protection by design and default – this section details what a Data Protection Impact Assessment is and what businesses should do if they are required to conduct a DPIA.
  11. Data protection officers – this section discusses how under the new legislation some organisations will be required to have a designated Data Protection Officer (DPO).
  12. International organisations and GDPR – this section is relevant for businesses that operate in multiple states within the EU.


With only five months to go before GDPR comes into force, there is a lot of work ahead for businesses. The changes will impact all businesses, big and small, and the new legislation gives the data protection authorities enhanced powers to deal with non-compliance. This includes administrative fines that could be as high as €20 million or 4% of total annual global turnover for serious breaches. The positive side of being GDPR compliant is enhanced reputation and trusted relationships with clients, suppliers and service users, as well as improved processes and procedures in the collection and management of personal data.


The SFA is mindful of the significant workload ahead for its members over the coming months. We will continue to give GDPR updates in our e-zine, add resources to our dedicated GDPR web section, roll out a series of events between now and May and provide dedicated GDPR support by phone or email.


If you have concerns about GDPR and would like further advice please contact Helen at SFA on 01 605 1668 or at or visit our GDPR advice section.


