How do I... get ready for the GDPR?

With just 5 months to go, time is running out for SMEs to prepare for the GDPR! Towards the end of last year, our MD Andrew shared some crucial advice with BQ Live about how small businesses should be getting their processes up to speed and compliant – if you missed it, you can read the full article here...

As the General Data Protection Regulation (GDPR) draws closer, awareness of what it involves and how to achieve compliance worryingly doesn’t seem to be improving – especially amongst SMEs. A recent study revealed that fewer than one in ten small and medium-sized business owners fully understand the GDPR or have taken the appropriate steps to prepare for it.

So, what does it actually entail?

Quite simply, the GDPR is a new set of laws that comes into force on 25 May 2018 to replace the existing Data Protection Directive. It will provide rules on how individuals’ information can be obtained, used and stored by an organisation. And when it comes to the actual use of data subjects’ information, the new regulations can be broken down into six key data processing principles.

These dictate that data must be:

  • Processed lawfully, fairly and transparently
  • Collected for a specific purpose
  • Limited to only relevant processing
  • Accurate and kept up to date
  • Retained for no longer than necessary
  • Protected with adequate security measures.

Of course, knowing where processes should be is all well and good, but it’s likely that most organisations will have a way to go before getting there. And although there is no one-step solution to achieving GDPR compliance, these five key steps will certainly help:

  1. Carry out an audit – Current procedures should be compared to the GDPR framework and a Data Protection Officer assigned (if needed) to take responsibility for the transition.
  2. Start a data register – This will keep track of all personal data that is processed, acting as an official audit trail should an organisation need to evidence compliance attempts to the Information Commissioner’s Office (ICO) in the event of an early breach.
  3. Classify data – A record should be kept of where any Personally Identifiable Information (PII) is stored, who can access it and how it’s being processed. PII is any data that could be used to identify someone either directly or indirectly, and includes name, email address and phone number, to mention just a few. This classification should help businesses work out which data requires the highest levels of protection and enable them to implement security mechanisms accordingly.
  4. Assess and prioritise – The first priority of the GDPR is the data subject’s privacy, so processing only a minimal amount of essential data is crucial. Organisations should run a Data Protection Impact Assessment (DPIA) to review all existing procedures and ensure that facilities are in place to fulfil a Data Subject Access Request (DSAR) or erase data on demand.
  5. Remedy and repeat – Where any gaps or areas of risk are identified, necessary steps must be taken to remedy them. Compliance is a continual effort, so maintaining this careful monitoring going forwards is crucial.

Ultimately, adherence to the GDPR will not only enhance protection from some unsavoury penalties, but also help to streamline processes, make data collection more transparent and inspire greater trust from customers and contacts.


So, it might seem like SMEs have a long way to go to achieve compliance, but it’s certainly a worthwhile journey.
