A few years ago I was running some GDPR Implementation classes for small businesses and each week, we had a Q&A call where anyone with questions could come onto the call and get an answer. It became a running joke that my initial response was always “it depends” and the right thing to do always depended on the individual set of circumstances.
Although it would be lovely to think that data protection legislation was all easy to understand and you could just ask a simple question and get a response, the right thing will frequently depend on a set of circumstances. It’s not black and white, there is lots of grey which needs to be understood too.
When I did my data protection training, I spent the first three days having no idea what the instructor was talking about. It was just lots of information that did not fit together. There seemed to be no relationship between the information being provided and then we started to be told how the pieces linked together. So I can sympathise with my clients who struggle with certain aspects of compliance and understanding what they need to do.
On a business page the other day someone had posted about getting a letter from the ICO about needing 
to register and pay the fee. They had read the letter, visited the ICO website and taken the self assessment but were still struggling with knowing whether they needed to pay the fee or not. I had a quick call with them and went through the self assessment to help them understand whether they needed to register or not. It was a free call under our GDPR helpline service.
You can use the free helpline service when you are stuck in the grey areas and not knowing what the best thing to do is. That’s what I am here for, to provide expert advice. You wouldn’t complete your own financial accounts without some understanding, so why struggle with data protection.