GDPR Toolkit: Ideal for Sole Traders and Micro Businesses
Many sole traders and micro businesses struggle to maintain profitability in today’s economy, with increasing red tape taking them away from the actual business of working and making money. Our GDPR toolkit is an affordable way for you to work through your compliance requirements quickly and easily, without having to spend hours trying to:
(a) understand the legislation & how to draft legal documents, policies & procedures;
(b) become an expert on IT & cyber security;
(c) practically implement both;
(d) document all of the steps taken in (a) to (c) above!
Not to mention understanding what you can or cannot do when marketing, how to map your data and whether or not you should have been paying the ICO’s data protection fee since you started trading!
What is the toolkit?
The GDPR Toolkit is a set of advisory documents, checklists, policies & procedures which help you to achieve GDPR compliance for your small business. The toolkit is e-mailed to you in Word format for you to complete. It is not a full consultancy service but neither is it a total DIY offering, as we will not sell you a legal product with no supervision. As professionals we believe total DIY solutions are unethical.
You will need to work through all of the exercises in our toolkit yourself, with regard to how they apply to your business, which does take time. Not all of the exercises in the toolkit may apply to your business, and all of them are generic for the general use of sole traders/micro businesses, and hence will need some basic amendment – which we will help you with. However, by the end of the toolkit you will be in a much stronger position to understand GDPR and to maintain compliance yourself going forward, on a practical basis. Use of the toolkit will make the process of GDPR compliance much, much simpler than if you try to tackle everything alone. The guidelines and checklists are easy to use, and can be worked through at your own pace to evaluate and ultimately achieve compliance.
The toolkit includes:
- Free Initial Consultation. We include a free 30 minute telephone consultation with our toolkit, allowing you to ask questions and to work through any problems you may have or things you don’t quite understand;
- Data Mapping & Risk Assessment. With practical examples, we guide you through how to map your data. If you don’t know who you get data from, where you store it and where it goes, how can you protect it?
- Legal Principles and Rights. This document provides a good overview of GDPR and introduces you to the seven principles and eight rights, including how they affect you practically. We also examine your lawful rights of process.
- Physical Security Requirements. Included are common sense precautions, for example clean desk policies, office security, paper waste disposal etc;
- IT. We look at cyber security, use of CMS systems, encryption, document management & storage and use of websites & e-mail. We also give practical advice regarding the use of suppliers who may store your client data outside the EU e.g. cloud services;
- Personnel. Management of the data of potential, current and past employees;
- Contracts. We look at which contracts and legal documents are likely to require to be amended in order for you to be GDPR compliant, for example employment contracts, supplier contracts, privacy & cookie policies and also Data Processor Agreements; and
- Policies and Procedures. We provide pro-forma Cookie & Privacy Policies, in addition to other policies and documents you will need, for example a Policy dealing with Subject Access Requests (‘SAR’), Data Breaches, an IT Policy etc.
We are happy to sell parts of the toolkit separately as we do acknowledge that our clients often have differing needs and may not be able to afford the entire toolkit up-front. Please contact us for further details.
What if I get stuck?
The Toolkit is ideal for uncomplicated businesses such as sole traders and micro businesses of under 10 employees. If you find you need extra help and support while using the toolkit, we are very happy to provide this to you for a small, reduced fee compared to our regular consultancy fees. This could be anything from drafting a Data Sharing Agreement to updating your employee terms and conditions.
When you purchase the toolkit, in addition to an initial 30 minute telephone consult, we provide you with reasonable e-mail assistance for three months from the date of purchase, in addition to reviewing your completed compliance statement, policies & procedures and data mapping. We will also forward on to you any necessary updates or additional documents that we may decide, at our discretion, would be a useful addition to the toolkit.
Can larger businesses use the toolkit?
Although not recommended for compliance by larger businesses, if your business is very simple and of low risk, with little personal information involved, the toolkit will at the very least provide good background reading and allow you to make a start on compliance. This could be done perhaps in conjunction with some consultancy services in areas where you find compliance challenging or where compliance must be demonstrated precisely & professionally – for example if you work with local authorities or other official bodies.
I can find cheaper products elsewhere! Why should I use you?
There are certainly much cheaper products on the market. However, you do get what you pay for. Our toolkit combined with our telephone and e-mail advice ensures that compliance is not a guessing game. The process is quick and easy, and we are happy to guide you through each step in addition to periodically reviewing your work and highlighting areas where you may need to improve on what you have done so far. We also review your finished compliance statement to make sure you are, as far as possible, GDPR compliant.
Why don’t you do a total DIY version?
DIY toolkits are becoming popular, particularly the very cheap ones which promise the moon with little or no work required by the purchaser. Just buy the pack and as if by magic you are GDPR compliant! However, such products cannot and do not ensure you are compliant, particularly as they come with no specific advice relating to your company. Any additional support you find you do require invariably comes at an extremely high premium – if available at all. Many of these packs are drafted by non-lawyers, with no GDPR or data protection experience. In some cases the ‘pack’ is simply information copied from the ICO’s site and pasted onto the seller’s headed paper. You can get this information for free.
As legal professionals, we do not believe it is ethically right to sell a product that does not do what it says it will. Would you buy a DIY castration kit from your vet or a DIY tooth extraction kit from your dentist? I hope not. Even more, I hope the vet or dentist would not offer to sell such a product to you. Law is no different and by using a DIY pack you are both wasting money and making yourself vulnerable to fines for being non-compliant.
How can I buy the toolkit?
The DIY Toolkit costs £750. Our Terms and Conditions apply to your purchase and you should read them over carefully, as once the toolkit is e-mailed to you, we do not provide refunds. To order the toolkit we ask that you complete our Order Form in the first instance so we know more about you and your company. We will then contact you at a time which is convenient to ensure the toolkit is the most cost-effective method for you and to arrange payment.