GDPR for small practice

Where to go for help/resources on GDPR?

With the new legislation coming into force next year, does anyone have any recommendations/ideas as to how a small practice, with only two employees, neither of whom has much IT experience, can approach this to ensure that they are fully compliant? With no dedicated IT department, it is tricky enough trying to understand some of the IT terms in the legislation, let alone know how to implement solutions for them.

Does anyone have any advice?

Replies (4)

By iandc6
17th Oct 2017 21:34

Hi @sacksuma - the ICO website is very useful. They've just announced some additional help for small businesses - they also have a really useful 12 step guide to GDPR - well worth a read. Keep an eye open for any updates from your accountancy body.

I hope this helps.


Thanks (1)
By Mark Lee
26th Feb 2018 16:17

Last year I was asked to raise awareness of the topic during the ICAEW Autumn practice roadshows. That meant researching things so that I could highlight the key points. I made clear then, as I do here, that I don't claim to be an expert and I'm certainly not a lawyer.

More recently I am aware that many people are offering summaries of the background to GDPR, of the legal position and are explaining in great detail how it will impact accountants and their clients. On the other hand, there hasn't been much in the way of genuinely practical guidance.

One key reason for the dearth of authoritative practical guidance for accountants has been that we are still waiting for formal guidance from the Information Commissioner's Office (ICO) on key topics. Until this is received some GDPR experts are advising extreme caution.

I'm hopeful the reality won't be quite as bad. In the meantime there are four things you could do as a small practice, Sacksuma:

1 - Register as a Data Controller with the Information Commissioner's Office, if you've not already done so. It costs £35pa and is NOT a new obligation!

2 - Audit your systems and processes so you are clear about how you obtain, use and retain personal data. You need to be clear and to keep a record as to how you obtain all personal data you hold, where it is held, who has access to it, who you share it with, how long you retain it, how you keep it up to date and how secure it is (in all the various places it can be accessed).

3 - Brainstorm these issues with both of them as they will need to be aware of the new obligations too. They will need training in the obligations imposed by GDPR just as they need to understand their obligations under the Anti-Money Laundering legislation.

4 - Start to plan what you will do to evidence your compliance with GDPR as of 25 May. I have created a list of the most common documents most firms of accountants will need to prepare. You can get a copy, with my compliments, here>>>

Thanks (0)