GDPR: Big Changes for Small Businesses? 



There’s a lot of scaremongering around GDPR. It seems that the moment you mention GDPR, 20 million Euro fines come up in the next breath. The thing is, GDPR is just an upgrade of the Data Protection Act. It’s about polishing up your systems and sharing with your leads and customers how well you look after them.

There has been so much conflicting information out there, so I hope this article goes some way to helping you clear a way through it all. I must add at this point that we are not lawyers, but we have researched GDPR considerably and believe this information to be true. The links at the end of this page will help you to complete your own research to fully understand the issues.

To alleviate your fears, as a small business owner it is unlikely that you’ll be given a whopping fine on the 25th May because you’re not fully compliant. But you should now take steps to become compliant and tick all those boxes to show you’re being responsible about the data you hold. The biggest danger is that, with consumers being so much more clued up these days, you could have a complaint made about you. In that instance you’ll need to show you’ve made all those responsible moves towards compliance.

Key areas to polish up

GDPR is about protecting the customer. As a small business owner you will already be protecting your customers’ data to a certain extent, because you don’t leave your client data wide open for your competition to steal from under your nose. But there is more you can do.

Start with the simple things, like encrypting your work mobile phone and your work computer. You probably do this already in case your laptop gets stolen.

If that’s the case, GDPR won’t be tough at all for you. If you’ve got this on your to-do list, then now would be the time to move it to the top of the list.

Your Suppliers

Next up is to jot down your suppliers and the tools that you use: things that capture leads on your website, email service providers, web hosting etc. When you have your list, you can see how they’re GDPR compliant. If they’re not, email them and ask them. This task, known as a compliance audit, can easily be outsourced to a VA.

Your suppliers, the people who help process your data, are now jointly liable for GDPR with you. This means they have a vested interest in becoming GDPR compliant. Should you have one, your Virtual Assistant will advise you because she’s also implicated if you decide to breach GDPR. In fact, you’ll find it pretty hard to find a VA to work with if you insist on working in non-GDPR ways. 

Acting on your audit

If you see that a company you’re using isn’t covered by the Privacy Shield or another EU-approved scheme, then you can look at alternatives. Big businesses like Microsoft and Google know that you’re going to be looking for GDPR information, and they’re complying. A smaller business that’s a start-up or bootstrapping may not be. Here you can decide what you want to do: move to another company that protects your data, or tell your clients that you use this option and that it’s not GDPR compliant. The client will then make a decision whether to work with you or not. They may not like having their personal details available on an insecure server farm in a war-torn country.

Acting on your audit may mean gaining consent in the instances you didn’t have it – GDPR Consent Video

This isn’t something to fear, but something that will make your marketing more effective.

Contracts and policies

Contracts help you protect your business and preserve your boundaries. Policies are a more formal outline showing your customers and prospective customers how you work. Again, nothing scary and I bet you have policies on your website already.

You should now update your Privacy Policy, by the 25th May 2018, to show your customers how you collect, process and store their data. The ICO says you should also contact your database outlining your updated Privacy Policy.

This is the start of becoming GDPR compliant

There are many small business owners running around buying policies, copying them onto their website and thinking they’re now GDPR compliant. It’s more than that: it’s a change in mindset, a complete process and a change for life. It’s a new level of openness about the way businesses work and protect their clients. This means checking your systems on a regular basis. It means keeping your customers and prospects updated, and it means showing them that you’re looking after their data.

Your database and consent

You’ll need to check you’ve had the correct contact permissions in the past. This means looking at your current database and satisfying yourself that you have absolute permission from your contacts to send them marketing information. You may need to reconnect with them and get re-consent. Do this before the 25th, but consider first sending a few awesome, value-packed, content-rich emails prior to asking for re-consent. The chances are you’ll lose a proportion of your list, but if they’re going to hit that unsubscribe button then they’re no longer interested in your content, and therefore are unlikely to convert to a further sale. Use this as an opportunity to tidy up and clean out your list.

As a small business owner who is trying to be GDPR compliant, you’ll find that you’ll grow your business. People like to feel safe, and showing that you’re doing everything that you can to keep their data safe will give you the small business advantage.

If you need help with GDPR, then check out the links listed below.

Useful GDPR Resources:

The ICO is the Information Commissioner’s Office – the supervisory authority here in the UK.

GDPR ICO advice – The ICO Guide to GDPR

GDPR ICO – 12 steps to take now

GDPR ICO – Data Protection Self Assessment 

Koffee Klatch for GDPR support

Koffee Klatch – GDPR Process

Suzanne Dibble’s GDPR Facebook Group – GDPR for online entrepreneurs

Suzanne Dibble’s GDPR Training Videos


