
GDPR & UK Data Protection Compliance Check

Find out if your business meets UK GDPR and Data Protection Act 2018 requirements.

✅ Free ⏱ 8 minutes 🤖 AI-powered 🔥 Trending

Why this matters

UK GDPR and the Data Protection Act 2018 apply to almost every business that handles personal data — customer names, email addresses, employee records, even CCTV footage. The ICO (Information Commissioner’s Office) has the power to fine businesses up to £17.5 million or 4% of annual global turnover, whichever is higher, for serious breaches. Smaller businesses are not exempt: the ICO has issued enforcement notices and fines to sole traders, charities, and small limited companies for failures like unencrypted data loss, unlawful marketing emails, and missing privacy notices.

Beyond fines, non-compliance creates real operational risk: data breaches damage customer trust, can trigger mandatory reporting to the ICO within 72 hours, and may require notifying every affected individual. Many B2B customers and procurement processes now require evidence of GDPR compliance before they’ll work with a supplier. Getting the basics right — a lawful basis for processing, a privacy policy, secure storage, and a process for handling data requests — protects both your customers and your business.

What you'll need

  • A list of the types of personal data you collect (customers, employees, suppliers)
  • Knowledge of where that data is stored (CRM, spreadsheets, cloud services)
  • Your current privacy policy, if you have one
  • Details of any third parties you share data with (payment processors, email tools)
  • Whether you've appointed a Data Protection Officer (if required)

What you'll get

A personalised compliance report covering: a score out of 100, an executive summary, a list of findings ranked by severity, and a prioritised action plan with timeframes.

Use this free tool to get a personalised view of your GDPR and data protection position, including a prioritised action plan covering privacy notices, data security, retention, and marketing compliance.

General guidance only — not legal advice. Consult a qualified UK solicitor for specific issues.