Running a Compliant Business
Is My Business Compliant?
A plain-language self-check across the key areas of the Act, so you know where you stand and what to fix first.
What you will learn
- The key areas the Act expects you to cover
- A simple way to check where you stand
- How to prioritise the gaps you find
- Where to go next for each area
Overview
Compliance can feel vague until you break it into concrete areas. This module is a plain-language self-check across the parts of the Act that matter most for everyday businesses. Work through it honestly, note your gaps, and tackle them in order of risk.
Why this matters
You cannot fix what you have not measured. A quick, structured self-check shows you where you stand and stops you from spending effort on the wrong things.
The self-check
Go through each area and ask whether you can answer "yes" with confidence.
Know your data
- Do you know what personal data you hold, where it lives, and why? See What is Personal Data?
Be transparent
- Do you have a clear, current privacy notice that people can find? See How to Create a Privacy Notice.
Have a lawful basis
- For each use of personal data, do you know your lawful basis? See Do I Need Consent?
Respect people's rights
- Could you handle an access or correction request calmly and on time? See Understanding Data Subject Rights.
Keep data secure
- Are access controls, backups, and basic security in place? This is the seventh standard.
Manage processors
- Do you know who processes data for you, and do you have written contracts? See Who is a Data Controller?
Set retention
- Do you delete or securely dispose of data you no longer need?
Plan for breaches
- Do you have a simple plan for when something goes wrong? See What to Do If You Have a Data Breach.
How to prioritise
Fix the highest-risk gaps first. For most small businesses that means, in rough order:
- A clear privacy notice.
- Basic security around your most sensitive data.
- A plan for requests and breaches.
- Retention and processor housekeeping.
Common mistakes
- Trying to fix everything at once and stalling.
- Treating compliance as a one-time project rather than an ongoing habit.
- Ignoring the basics (a notice, security) while polishing minor details.
Best practices
- Repeat this self-check at least once a year.
- Keep a simple action list with owners and dates.
- Re-check whenever your business adopts a new tool or data use.
Put this into practice
Use the platform tools to turn this self-check into concrete, tracked actions.
Run a compliance checkFrequently asked questions
Key takeaways
- Compliance is a set of practical habits across a handful of areas.
- Use this self-check to find your biggest gaps, then close them one by one.
- You do not have to be perfect overnight. Steady progress is what matters.
- Each area links to a module or tool that helps you act.
