You may think because you have a password on your laptop that your data is protected. However; this is not always the case. The basic Windows password offers very little protection of your data on a laptop should it be stolen.
There are many readily available tools designed for breaking Windows passwords but even without breaking this password the drive can often easily be removed from the laptop and connected to any other computer and the data on that drive can then be read. With GDPR, protecting your clients data is now a priority and a lost laptop could mean your clients data ends up in the hands of the wrong people.
What you need to do is encrypt your drive and thus your client data so should it be stolen it cannot be read without knowing the encryption password and breaking encryption passwords is significantly more difficult than breaking a windows password.
The latest version of Windows comes with its own encryption capability, called Bit Locker. Setting this up requires some knowledge, in particular making a record of and keeping secure the recovery key generated by the encryption process. If you don’t have this key and forget your password, you will find it as difficulty as any hacker to get back to your documents.