Always encrypt your data! This includes at-rest encryption (i.e. encrypting your laptop harddisk) and in-transit encryption (i.e. encrypting the emails that are exchanged within the company and to the outside whenever possible).
For harddisk encryption, find a how-to here:
https://www.howtogeek.com/234826/how-to-enable-full-disk-encryption-on-windows-10/ (Windows)
https://support.apple.com/en-us/HT204837 (Mac)Maintain a meaningful password policy:
Use a secure password (10 characters minimum length, include upper case and lower case letters, at least one number and one special character (e.g. @#$%&*())
you can check password strength e.g. at https://howsecureismypassword.net/
Suggestion: If you are using Google Chrome, you can use the built in password suggestions and password manager. Firefox provides a similar service called Lockwise.Do not use the same password to secure more than one account!
Choose to login via your showheroes.com Account (which is a Google account) where possible. This uses a secure connection to exchange your user credentials.
Do not disclose your passwords to anybody!
Reset your password regularly (at least once a year).
Keep in mind the scope of your required compliance. The GDPR applies to all kinds of personal data: names, addresses, emails, card details, IP addresses, cookies and even social media posts!
Avoid data collection and restrict yourself to what is necessary for running the business.
Manage space
Manage content
Integrations