Question 2 - Do you store or host customer or client data?
On your own IT equipment:
If you suffer a cyber attack resulting in a data breach then ICO and GDPR regulations apply, irrespective
of size. Companies will be even more accountable under GDPR than under current legislation. Under
GDPR, if an organisation doesn't process an individual's data in the correct way, it can be fined.
If it requires and doesn't have a data protection officer, it can be fined. If there's a security
breach, it can be fined.