5 Small Business Data Protection Laws Compliance Tips

Tue, Jul 21, 2020
By: Steve Clopton

Data protection is a priority for small businesses. A single data breach can cost thousands of dollars in revenue and do irreparable damage to your company’s reputation.

At Gilmore Services, we understand because we work with small business owners every day. One of the most common questions we hear is this:

What’s the best way to stay up to date with data protection laws?

We love that question because it’s one that plays into our areas of expertise. As a NAID AAA certified data destruction company, we take pride in our ability to help businesses with compliance. Here are 5 small business data protection compliance tips to help you.

#1: Research Your Data Protection Compliance Obligations

The first tip is to make sure you understand your compliance obligations. Depending on the nature of your business, you may be bound by one or more regulations.

Some of the most common laws that relate to data protection include:

  • Sarbanes-Oxley
  • Florida Information Protection Act
  • The Alabama Data Breach Notification Act of 2018
  • Gramm/Leach/Bliley
  • Privacy Act
  • Payment Card Industry Data Security Standard

Each one of these laws has specified provisions for the proper management and disposal of documents or devices that contain personally identifiable information. It’s your job as a business owner to make sure you adhere to all laws that apply to you.

#2: Create a Document Retention & Destruction Schedule

Once you know what your obligations are, the next tip is to create a schedule for document retention and destruction. The schedule will help you stay on track by identifying which documents need to be destroyed and when.

Creating a detailed schedule will minimize your risk of a data breach or compliance failure. It can protect your business reputation and your clients’ personal information, while removing much of the stress of compliance.

#3: Don’t Try to do Everything Yourself

The most common mistake small businesses make when it comes to data protection is trying to do everything themselves. While you might do a good job, there are some potential risks associated with DIY document management and data destruction.

The biggest risk is that you might improperly destroy data that could then be stolen. The average data breach costs $3.92 million in the United States, and that cost is expected to rise every year. Other risks include unauthorized employees accessing data and documents, and documents getting damaged or misplaced.

#4: Partner with an Experienced Document Management & Destruction Company

The best way to ensure that you comply with regulatory requirements and avoid data breaches is to partner with an experienced document management & destruction company. 

Gilmore Services has a NAID AAA Certification. To be NAID certified, companies must submit to rigorous testing and auditing related to document destruction, including adherence to regulations and use of the best available data destruction methods.

In addition to our NAID certification, we are insured with proper professional data breach liability insurance. That means you’ll be covered in the unlikely event something happens to your data. We will provide you with secure document shredding bins where you can place your documents to be shredded according to your schedule.

#5: Update Your Retention Schedule Regularly

The final tip we recommend is to stay on top of your retention schedule and update it regularly. While major changes to regulatory requirements are rare, laws can change. It’s important to stay on top of your schedule and make sure that it’s working properly.

You’ll also want to make sure to train your employees and make compliance training a priority. New employees should be trained as soon as possible, and existing employees should receive ongoing training as needed.



Data protection needs to be a priority. By following the 5 tips we’ve included here, you can be sure that your business will remain in compliance, and that your valuable data and documents will be protected.

Need help creating a document retention and destruction schedule? Click here to learn about our services!