How to prepare for GDPR

Having worked in quality assurance for 18 years, Fionnuala Hendrick set up Secure Helping Hand (SHH) to help businesses prepare for GDPR. 


Secure Helping Hand was born because I wanted to create a simple, easy to use, low-cost application that will allow professionals and SMEs become compliant with and maintain compliance with GDPR.

What is GDPR in a nutshell?

GDPR is designed to protect an individual’s privacy in an expanding online world and will replace the Data Protection Directive which was written in 1998. Businesses will have to demonstrate the processes and systems they have in place to protect personal data which in turn will help to protect people against fraud. GDPR creates a legal framework for businesses to share their personal data, offering them a new level of protection and transparency that did not exist previously.

“GDPR requires a shift in how businesses deal with personal information.”

What impact will it have on businesses?

Firstly businesses will need to determine if they are a data controller, data processor or both, and whether or not they need to register with the Data Protection Commissioner. They will need to document what personal information they hold, where it came from and why they are holding it, who they share it with and how they secure it. Businesses need to be able to respond to personal information requests within 30 days and need to include all personal data that they hold.

There are strict requirements for the processing of sensitive personal data where businesses have to identify not only their legal basis for processing but also the legitimate interests in relation to the processing of each piece of sensitive data.

“76% of people will request their personal data from former employers”

What will happen when GDPR arrives?

It is hard to think of a business today that does not use personal data. Whether you have employee data, customer data or supplier data, the regulation applies. Every business is affected, and under the GDPR principle of accountability, they are explicitly responsible for implementing the GDPR.

GDPR requires a shift in how businesses deal with personal information, from whether they need to have the data in the first place to how they secure and share that data. As online fraud and data breaches are expected to soar over the coming years, GDPR goes some way towards getting companies to directly address IT security.

The regulations cover how companies have to deal with data breaches and includes not only reporting them to the data protection commissioner but also to people whose data has been stolen, which in turn gives them the ability to quickly take action and prevent further harm to themselves.

“The loss of reputation due to non-compliance is likely to be way higher than the monetary fines.”

What are the dangers to businesses who fail to recognise GDPR?

Those that fail to demonstrate that they have at least started the process of implementing GDPR before the May 25th cut-off date will likely face higher fines than those who at least have taken some steps to address the regulations.

The UK Information Commissioner carried out a survey last year that indicated that 76% of people will request their personal data from former employers, for companies that don’t have the proper processes and procedures in place to handle the expected raft of both real and fraudulent requests, they will not be able to respond within the 30-day timeframe and will be open to fines and possible legal action. The loss of reputation due to non-compliance is likely to be way higher than the monetary fines as it will impact on trust which will not easily be regained.

“I am also involved in Acorns which supports early-stage female entrepreneurs living in rural Ireland.”

What are you most proud of since founding SHH?

I am proud of the Secure Helping Hand web application. It’s simple to use and enforces compliance rather than giving an appearance of compliance. I hope people will start to think about personal information differently because GDPR requires a change in mindset for most businesses in the way they manage their data assets.

What is the toughest part of running your own business?

For me, the toughest part of running a business is how to market an application relating to something as dry as the GDPR. However, I am on an Excell STEM course at the Rubicon in CIT and have gotten some great insights and mentorship from that program.

I am also involved in Acorns which supports early-stage female entrepreneurs living in rural Ireland and through this programme and networking with the participants I found my both my confidence and my marketing insights growing.

Where do you see the business in five years?

In five years, I hope to be employing around 12 people fulltime and exporting to both the EU and globally and to be considered the expert in regulatory compliance.

What advice would you give to any aspiring entrepreneurs who want to start their own business?

I would advise any aspiring entrepreneur to look for programmes designed specifically for entrepreneurs, as they will guide them through what is involved and will give them the tools they need in order to succeed.

It is important to understand that you will be fulfilling all the roles in your business initially. The most important thing I could say would be to go for it, whether you succeed or fail you will learn so much on the way that it will be worth it.

Article by Stephen Larkin.