Under GDPR, there is a range of expectations on businesses, the most difficult being the requirement to document and maintain records to demonstrate their compliance. This means showing evidence that you have seriously considered what personal data you process, and on what lawful basis you are doing so. You’ll also need to demonstrate that you have evaluated any high-risk areas to the individuals whose data you hold – for this you’ll need to show data protection impact assessments, otherwise known as DPIAs.


Most larger organisations will likely have teams, departments, procedures and templates already in place that they can adapt to their GDPR compliance process. This isn’t the case with smaller companies, especially micro businesses and sole traders; it’s important to remember that the law is about personal data, and all businesses are expected to adhere to it.


That’s why we have developed our toolkits.


Each toolkit is designed with Small Business Owners in mind, and they have been drafted using plain English.


Where jargon is unavoidable, we have included explanations in the documents and the guidance notes, and we welcome any additional queries to add to the FAQs we are building.  


The packages are ranged according to business size (number of employees) and budget:


Sole Trader

Micro Business         2 to 9 staff

Small Business        10 to 49 staff

Medium Business     50 to 249 staff 


The Toolkits are kept updated and current as new guidance is issued by the relevant supervisory bodies – all our subscribers are sent the very latest documents, and if new ones are added within a period of 12 months after the Toolkit is purchased, we will ensure they are forwarded free of charge.






We are happy to answer any questions or issues regarding the toolkits that aren’t consulting-related. Please send us an email with your query to info@spheredataprotection.com.