How to avoid a Million Pound fine

… yes, truly, however small or big your business and turnover may be … it's coming.

In my world it is literally raining news items, white papers, how-to guides, webinars and infographics. As a result many people simply switch off, and who can blame you? Compliance is quite possibly the most negative and boring subject to be dealing with. What am I talking about? There are new rules kicking in officially in 2018, but they affect how you run your business right now, with huge fines waiting at the end.

Let’s keep this short and sweet. Do get in touch if you have more in-depth questions. 

What is it about?

The General Data Protection Directive (“GDPR”) will replace the Data Protection Act in Spring 2018. Research shows that 1 in 4 businesses are still unprepared for what this change is bringing. 

This new set-up is being brought in because we live in the "Information Age", where your data and the data of your staff and customers is worth more than gold. Data is being shared and stored all over the world, with many people now at high risk of identity theft and other criminal activity. The GDPR gives a great number of new rights to people and massive obligations to organisations. So, for example, a person now has the right to be forgotten. Do you know how long you must keep certain information, e.g. to satisfy HMRC, and when it must be destroyed? Do you know where the data is stored? For example, customer addresses in your smartphone's address book are stored in the 'Cloud'. Is that 'Cloud' data stored in the UK or Uganda? How do you guarantee its safety AND destruction?

Why bother?

Check out this freely accessible infographic to give you a better idea and, even better, to put in front of your boss and get him/her to listen: "What the new EU GDPR means in 1 minute".

In a nutshell, the enforcement powers of regulators such as the ICO are going through the roof, with fines of up to 20,000,000 Euros or 4% of annual turnover (whichever is GREATER). In addition, the person in charge of the organisation as well as any registered Data Protection Officer are PERSONALLY LIABLE. This means that Ltd company status can no longer protect you from prosecution, and it puts your house, your freedom and your personal reputation on the line.

The ICO is getting ready for this now. They have upgraded their systems and are working much more closely with other organisations in order to find those businesses doing wrong. SMEs, just like yours, are (sadly) ripe for picking. Don't be one of them!

How to prepare?

There are some easy steps that you are already legally obligated to take, so make sure you start with what you ought to be doing already.

  1. Register with the ICO as a "Data Controller" (10 minutes of your time & £35 well spent!)
  2. Add a Privacy Notice to your website and other documents. Guidance can be found on the ICO's website.
  3. Ask the YBC Legal Support team for a template data protection policy, fill in your details & publish it on your website.
  4. Get some basic data protection awareness training for you and your staff.
  5. Check your set-up using the ICO's free Data protection self-assessment toolkit. It takes less than 30 minutes and will tell you what else you might be missing under the current rules (making it easier to upgrade from there).

Once you have done the basics, take a deep breath and have a look at the ICO's 12-step programme to prepare for the upcoming changes: "12 Steps to Take Now". It's worth bookmarking and familiarising yourself with the resources available on the ICO's Data protection reform website, which is constantly updated with new guidance. The guidance provided is honestly in plain English.

Most Importantly

Do NOT delay. The implementation date is 2018, but it already affects the personal information you collect now.

To put it in perspective, any leads that you generate today must be deleted / destroyed in their entirety in Spring 2018 unless you hold that information in accordance with the GDPR rules. Are you working hard to generate leads and build a book of contacts? Protect it now by getting ready for the GDPR. If not, you will immediately face fines and prosecution once the GDPR implementation date has passed. Don't make it easy for the regulator to shut you down. Prepare now!


I thought I'd better mention this. As a Premium Member of YBC, you are insured. This includes legal cover in the event of prosecution in matters of data protection. It's a great little (free) add-on, HOWEVER, no solicitor can protect you if you did not comply with the law. So follow the five basic steps above and then tackle the 12-step programme from the ICO. Then your YBC Legal Insurer will be more than able to help you out.