Do you have customers, clients, employees or contacts within the EU?GDPR applies to any organisation, no matter their size, that is involved in processing personally-identifiable data about anyone in the EU (including the UK post-Brexit).
Does your business employ 250 or more staff?All businesses with more than 250 staff are required to comply with GDPR laws.
Does your business employ less than 250 staff?Some small businesses may be exempt from GDPR, although it may depend on the answers to the questions below.
Do you collect or store any personal dataIf you're collecting/storing any personally identifiable data (even names/emails/phone numbers,photos etc) about your customers, employees, suppliers or contacts, then it's probable that you'll need to comply.
Do you collect or store any sensitive dataGDPR is even more important if you are storing data about race, ethnicity, religion, politics, genetics, health, sexual orientation or criminal records.
Do you collect personal data regularly?If you're collecting personal data in the course of your business operations (e.g on your website), then it is highly likely this is classed as 'regularly'.
Do you process any personal data for someone else?Any organisation that processes any personal data about an individual that resides within the EU (or UK post-Brexit) is liable for GDPR.
Do you operate CCTV on your premisesIf you operate CCTV then you need to comply with GDPR laws.