The only "personal" data we have would be email addresses and telephone numbers for a select few past customers and employment agencies that more often than not secure contracts for us; we class it as personal as its john@companyA.com and Claire@companyC.com which as we understand it is classed as "personal".
We handle our emails through Yahoo who encrypt the data and contacts with a password we choose and we also have a password protected list of contacts etc.
Our ONE company asset is a password protected laptop and our data is backed up in the cloud using Zoolz which is an encrypted "cold storage" online provider and iur accounts are handled through another password protected provider.
We understand that GDPR applies to us but are very unclear to what extent and what obligations we have .. until recently we assumed it didn't apply!
Can you point me to anything that can simplify the process for us; most of my time is spend working onsite at our clients.