GDPR For Small Businesses: What It Means For Your Business

By Purplebox Digital


Over the past year, there has been plenty of talk about the new and upcoming GDPR legislation. No matter if you’re a large international corporation, or a small local business, GDPR affects everyone who deals with EU customers.

If you’re a small business that holds personal data of any EU citizen (that includes UK citizens), then you must be GDPR compliant before May 25th, 2018. Failure to do so and you risk facing fines in the millions.

Worryingly, according to the Financial Times, fewer than 1 in 10 businesses are currently GDPR compliant while under 1 in 5 are unaware of the forthcoming regulation.

With so many small businesses not GDPR compliant and the deadline just around the corner, we’re here to help you become compliant just in time. To get things started, let’s take a quick look at the upcoming legislation and what it means for your business in general.

GDPR Overview

The General Data Protection Regulation or GDPR for short is a new form of legislation that affects all businesses who store personal data from EU citizens. It replaces the old Data Protection Directive and forces companies to take greater care in how they save and use EU citizens data.

The good news is that if you’re already compliant with other Data Protection Acts in the UK, then there’s not much you’ll need to change. However, with that said, there are a few new changes that might require you to change your current data protection policy.

GDPR Checklist For Small Businesses

Becoming GDPR compliant might seem like a time-consuming challenge, but if you know how to review your current procedures, then it’s not that hard. Here are the steps you should take to evaluate your businesses data protection policy and to look for any potential weak areas.

Perform A Data Audit

The first thing to do when reviewing your current data protection policy is to perform a data audit. This means checking all the current personal data and information you have on file and asking yourself some simple questions such as:

  • How did you collect this data?
  • Did you ask for consent to use it?
  • Where is the data stored?
  • Is it sent to or used by any 3rd parties?

These answers will help you identify weak spots in your current policy. If you’re not sure how you collected the data or if you asked for consent or not, then that’s clearly an issue that needs to be looked at. By getting an overview of the current data you hold and how you use it, you’ll be able to see which areas need improvement to become GDPR compliant.

Review Current Policies

Once you’ve checked all the current data you hold on file, you’ll want to take a look at your current data collection and privacy policies. One of the new changes with the upcoming GDPR legislation is that customers have the right to be forgotten. This means that at any given time a customer can request you delete all of their personal information from your system permanently. Making sure you have a policy or procedure in place to handle a request like this is essential.

The chances are you’ve never had to think or plan for anything like that before. But like we mentioned earlier, these new changes will take a while to implement so it’s crucial you don’t leave it too late.

Delete Unnecessary Data

After you’ve reviewed your current data on file and data protection policies, it’s time to perform a data cleanup. This means looking through all of the data you currently have and deciding if you need to store it or not. Maybe you’ve collected data in the past but haven’t used it for years, or you collected emails for a marketing list that was stopped. Whatever the reason, deleting unnecessary data is a great way to clean up your systems and to reduce the risk of any data breaches.

Keep Records Of Consent

As part of the new legislation, making sure you have consent to use customer’s data is essential. It’s suggested that you keep all records of consent just in case you ever undergo an investigation and have to prove that you’re allowed to contact customers. It’s also a good thing to have as part of your data protection policy in general.

If you’re not sure if you have consent from users, then you can always send them an email and ask them. Known as an opt-in or confirmation email, you simply ask users to confirm that you’re allowed to hold their data and use it for marketing purposes. This way you can save their consent on file just in case proof is needed in the future.

Need Some GDPR Consultancy?

Getting your small business GDPR compliant can be hard work, especially when you’re a sole trader and have little time on your hands. With the deadline fast approaching, it’s crucial you take action and update your policies or face huge fines from regulators.

Save yourself the time and stress by letting our team of GDPR experts review your business to ensure you are fully GDPR compliant. Send us an email via our contact form or contact us on 01935 277 960 for more information about our GDPR services.

Get In Touch