Brilliant Little Business

GDPR For Small Businesses

How relevant is GDPR for small businesses when there's just you involved?

Most of my clients tend to be sole traders or employ very few people, often outsourcing much of the work they don't want to do themselves to Virtual Assistants.

As most of what you read seems to refer to HR departments and multinational companies, it would be easy to make the assumption that GDPR, the General Data Protection Regulation that comes into effect in May 2018, doesn't really matter for small businesses.

But you would be so very wrong! And working out what GDPR means for your small business may well increase your stress levels.

If you (or especially your website) collect any kind of data then you ARE affected. For example, do you know if your website uses cookies?

I knew you probably wouldn't know.

Here's a very detailed article concerning GDPR for small businesses

Do you collect your visitors' email addresses, maybe in return for a download of an e-book?

If either of these 2 simple examples is true then you need to pay attention because YOU NEED TO TAKE ACTION.

And how about this one...

Do you keep your customer contact details (email address, phone numbers) on your mobile phone?

I'm sure you do.

How secure is that data if you lost your phone or had it stolen? Unless you have fingerprint or face recognition security on your mobile, it might be construed that you are not taking the security of your data seriously.

The following video is a good, clear introduction and the link above is to a very detailed explanation of the rules and what you particularly need to be aware of.

It's important I point out right here that I cannot give advice on the subject of GDPR for small businesses and the information and resources I provide here are to help you identify what you need to know and assist in your own research. You may well need to take professional advice as to how GDPR will affect you and your business specifically.

Here's a big takeaway re GDPR for small businesses:

Your website is a huge giveaway.

It is there for anyone in the world to see.

If you are not compliant with the GDPR rules (i.e. incorrect, or worse, no documentation) then you are in full and very plain view of everyone - your customers and clients, competitors, enforcers and regulators.

There is no hiding place!

What action should you take re GDPR for small businesses and in particular - YOURS?

The first step is definitely to make sure you understand the requirements.

You may need to make some adjustments regarding your use of data and in particular what information you ask for. For instance, do you really need to have details of a customer's address or age? If you are not going to use that information then you shouldn't be asking for it.

You need to fully understand what you do with that data and where it goes.

You need to review your contracts (arrangements) with your suppliers to ensure they are compliant.

Think about the security of your electronic data records - what would happen if you lost your laptop or mobile phone?

And you must make sure you are using suitable documentation on your website AND that it is displayed appropriately. Requests for consent can no longer be hidden in small print but must be presented clearly, and separately from other policies on your website or communications. So no more pre-ticked boxes if, for example, you wish to contact customers for marketing purposes.

Good luck!
