Blog Small Business Compliance: GDPR and Cyber Essentials

Sole traders and micro-businesses may not think that complying to GDPR and Cyber Essential is a high priority for them, but anyone using technology to store customer data is at risk of a data breach.

Why is complying important for your business?

It will ensure peace of mind. If you fail to protect your computer systems, you’re at increased risk of a cyber attack. A virus could result in your organisation losing vital data, disrupting cashflow and taking up staff time. Additionally, loss of personal data could breach GDPR laws.

Are you looking to take on Government contracts? An organisation bidding for a contract with the British Government will need to prove their GDPR compliance and gain Cyber Essentials certification. (You can find out more about this in our blog: GDPR, procurement & tenders – the bidders’ perspective)

It will increase customer trust. Protecting your IT systems and taking steps to keep the data you hold about them safe, will ensure your reputation is upheld. You don’t necessarily need to go for certification for Cyber Essentials, you may think that complying to the five controls is enough for your organisation. But if you did want to certify, you will be listed on the Cyber Essentials website and be given permission to display the scheme’s logo on all of your marketing materials. This is great for showing customers – current and prospective – that you’re going to keep their data safe.

GDPR and Cyber Essentials go hand in hand

Cyber Essentials is useful for those with an eye on the GDPR. The regulation specifies that “controllers” must determine their own cyber security approaches based on the personal information they hold and process. The Information Commissioner’s Office (ICO), whose job it is to uphold the GDPR in the UK, recommends Cyber Essentials as “a good starting point” for the cyber security of the IT systems and networks you rely on to hold and process personal data.

Mark Clifton, CertiKit’s Product Manager adds: “Both GDPR and Cyber Essentials play an important role in managing the risks that organisations face today. The GDPR requires companies to re-evaluate how they process and handle data, to confirm that this is being done only when necessary; and at the same time have the best possible security in place.”

---

More GDPR and Cyber Essentials Resources

CertiKit is a provider of document toolkits and has helped more than 4000 organizations worldwide with their compliance.

For more guidance on implementing the EU GDPR , UK GDPR and Cyber Essentials scheme, we’ve put together a list of our best free resources including sample documents, blogs and downloadable documents.

Free EU GDPR Resources

Free UK GDPR Resources

Free Cyber Essentials Resources