Many of my VA friends and clients have been asking me about GDPR which came into effect as of 25 May 2018.

There’s been mass confusion AND there seems to be many people who are profiting from that discomfort.

I’ve spent around £500 on so-called compliance so far, and some of that money was a complete waste due to scaremongering. I just didn’t realise that at the time. Sigh.

So, here’s what I ended up doing to wade through the GDPR panic:

I ended up buying a GDPR pack from Suzanne Dibble as I have already been using her contracts within my business and was confident with her approach.

I then booked out all of Saturday to work through everything, and it’s safe to say I’m about 95% of the way there.

If GDPR is on your radar and you’d like to learn more, Suzanne’s pack can be found here and includes seven modules:

  1. Email for refreshing consent, GDPR compliant privacy policy, GDPR checklist inc processing checklist
  2. Data processing inventory, Legitimate Interests Assessment form, Data transfer checklist, Processor Agreement
  3. Marketing checklist, Records retention policy, DPO checklist
  4. Employer checklist, Employee privacy statement
  5. Employee subject access request form, Response to employee subject access request
  6. Cookie policy, Subject access record
  7. Data breach record, Data breach checklist, DPIA form, Data Retention Policy


Even if you’re not investing in a GDPR pack from Suzanne (or anyone else), do check out the content on the ICO website to ensure you’re well on your way to full compliance.

For complete transparency, the link is an affiliate one and I may receive a small percentage if you go on to purchase the GDPR pack. However, you can be assured that I only ever recommend resources that I trust.