Inboxes filled to the brim with GDPR opt-in emails.

Dozens of “GDPR consultant” roles propping up from nowhere.

Waiting hours on the phone to speak with the Information Commissioner’s Office (ICO).


It’s been a mad dash this week for last-minute GDPR readiness.

Thankfully, ICO seems to have everything under control…

ICO small business GDPR

Since November last year, we’ve covered a range of topics that concern GDPR.

Now that times running out, what’s left to say?

[View our previous articles here]

New GDPR pages published by ICO


GDPR Codes of Conduct for small businesses


So a “code of conduct” demonstrates how you follow the correct procedures. These can differ between sectors and size of businesses, GDPR isn’t the same for everyone. In this new section written by ICO, they detail how trade associations or bodies that represent your sector of work can draft up a code to be approved.


They will be looking for:

  • Whether the monitoring body is independent
  • Has expertise and knowledge of the sector
  • Follows the GDPR data principles


There are still unanswered questions, how long does it take to be approved and what will the costs be? ICO says signing up is voluntary, but with no current “approved authorities” out there, not much more can be said.

At first glance, this appears to be ICO appointing power to cut down on cost. We will keep our ears to the ground and be writing about this at a further date.


GDPR Certification for small businesses


Certification is a way of demonstrating that your data processing is in line with GDPR requirements. ICO specifies that being certified is voluntary and approval would reflect the needs of your business.


Who carries out the certification?

“Certification schemes under GDPR will be approved by the ICO and delivered by approved third-party assessors.”

Expect “GDPR assessor” companies to burst into view these coming months…


Why get it?

  • Customers peace of mind
  • Competitive advantage
  • Transparent and accountable business


If your business does consider certification, then this would be valid for a maximum of three years, subject to reviews.

At this moment in time, there is no mention of what the cost is to become certified.


The new data protection act 2018


If the new laws have taught anything, it’s that GDPR doesn’t stop after the 25th May. In their latest article, ICO specify how this is an evolution in how businesses operate; 2000+ pages of terms and conditions are a thing of the past. There is no off-switch to the maintaining of privacy and security risks.


There is no better way to keep yourselves secure than having a reliable data security service. At Direct365, we offer the complete destruction and disposal of personal information. Whether that’s ID cards, paper or hard-drives we can discreetly get rid of anything that could put you at risk.


All services, be that a regular or one-off comes complete with a certificate of destruction. You have the proof and the clarity that your business is keeping in line with the latest requirements.


Have a look at our confidential shredding service.

SME data security