2024 GDPR & Cybersecurity Epic Bundle
2024 GDPR & Cybersecurity Epic Bundle - featuring 8 digital products for less than half price

GDPR is an ongoing process, my GDPR Data Classification & Cyber Security Template helps you to understand your business risks

Data protection and GDPR are not one off exercises, so I have created an easy to understand spreadsheet to help you make sense of your data, identify risks and meet some of the accountability principles of the legislation.


General Data Protection Regulation (GDPR) is really (Analog & Digital) Data Protection, and for a small to medium sized business knowing where to start with GDPR can be a nightmare. It is important to understand though that most GDPR tasks are something you probably needed to be doing anyway or probably already do without realising, namely:


Business Process, Shadow IT, Retention, Marketing, Rights/Sharing, DLP/BC/DR. Responsibilities & Legal Requirements


Think of this as a series of questions about your data when it comes to personal information. What do you hold, Who do you have data on, Why do you have it, Where is it stored, When did you get it, How did you get it, etc. etc.

GDPR questions to ask

These questions need to be answered to classify your data for GDPR and decide whether a Data Protection Impact Assessment (DPIA) is required, no matter the size of your business. For small and medium businesses a good starting point is my GDPR Data Classification Template which lists over 60 types of personal data that you might be holding and the basic questions that need answering, spread across 5 worksheets (don't worry, 4 are optional).


The template can also be filled out to help manage Shadow IT and general IT security management. Finally there is the new 'User Permissions Tracker' so if an incident does occur you can see what has the potential to be affected.

GDPR Data Classification Template

Each section is colour coded, with any variations of a yes/no answer ready for you to just copy and paste.

Buy the GDPR template

Once you have filled in the main spreadsheet, you can move onto the detailed Where sheet, which helps identify more granular risks and of course, exactly where the data is.

GDPR Data Classification Template - Where in detail
GDPR Data Classification Template - Where
Buy the GDPR template

There is also the detailed 3rd party Access sheet, which helps identify who has authorized access to your systems and the associated supply chain risks to your organisation.


You can fill everything with little or no knowledge of GDPR, all that is needed is a good knowledge of your business. The templates also double up as a shadow IT report or can be used as a starting point to give to a GDPR consultant.


If you are looking for a GDPR consultant, one I highly recommend is Athene Secure, check them out at:

www.athenesecure.com just mention Nick or Boolean please.

Knowing who has access to what is important in a crisis, but also important when someone leaves or moves to another business function or team. Also, in many organisations logins are given to suppliers, consultants, contracts and other third parties, as well as internal staff. The User Permissions Tracker spreadsheet lets you at a glance see who has access, who is an admin and how many of your users and systems are protected by two-factor authentication or similar cyber security technologies.

In summary, here are the component worksheets in the GDPR Data Classification & Cyber Security template:

  • GDPR - data classification and overview
  • WHERE - detailed where is your data breakdown
  • ACCESS - detailed 3rd party access breakdown
  • WHY - business function
  • PERMISSIONS - user permissions tracker

Each worksheet after the initial data classification and overview is optional, though I recommend filling out all the worksheets to truly get the most out of the system.

Buy the GDPR template

User Permissions Tracker (standalone version)

The User Permissions Tracker is also available as a standalone spreadsheet - FREE / PayWhatYouWhat download.



A Practical Guide to Cyber Security for Small Businesses

A Practical Guide to GDPR for Small Businesses

Author: nick ioannou

The General Data Protection Regulation or GDPR is a 57,500+ worded legislation that applies to every business or organisation that handles personal information of living EU and UK citizens, regardless of the size of the organisation. For many small businesses, complying with GDPR is a daunting task, but it doesn’t need to be. This book offers practical, step-by-step guidance for what needs to be done to meet the ongoing requirements of the legislation in the form of Who, What, Why, Where questions about your business, together with an understanding of the six principles and the eight rights of individuals.


This eBook is included for free with any GDPR Data Classification & Cyber Security Template spreadsheet purchases from this website.

Buy Now - Amazon Kindle version - £14.95

Other GDPR Resources

GDPR For Dummies by Suzanne Dibble

Publisher: John Wiley & Sons (25 Nov. 2019) - Paperback & Kindle 464 pages

  • Implement the key requirements of the GDPR
  • Understand how the GDPR affects your business
  • Plan how you'll deal with a data breach

Suzanne Dibble is a business lawyer who has advised huge multi-national corporations, private equity-backed enterprises, and household names. Since 2010 she has focused on small businesses, combining her knowledge of large organizations with a deep appreciation for entrepreneurship, especially online businesses, to provide practical, relevant advice.


For guidance on Data Protection Impact Assessments (DPIAs) see the UK Information Commissioner's Office (ICO) http://bit.ly/ICO_DPIA which also includes a sample DPIA template for you to adapt if you wish. 


To directly download the template visit: https://ico.org.uk/media/for-organisations/documents/2258857/dpia-template-v1.docx 


Or alternatively you could use the free DPIA software by the French Data Protection Authority, at: http://bit.ly/CNIL-pia


UK ICO Resources

Data protection self-assessment toolkit for SMEs



Data Breach Reporting webinar


2024 GDPR & Cybersecurity Epic Bundle
2024 GDPR & Cybersecurity Epic Bundle - featuring 8 digital products for less than half price