Lisa Woodward, Regional Director of the Athena Network West London, has been kind enough to share with me the presentation from the session she recently gave at the Athena Ealing Group.

I’m a member of the Shepherd’s Bush Networking Group, and I can really vouch for this women’s business network. The Athena Network has been for me an unmatchable source of business opportunities, but also of connections and knowledge, delivered through presentations like the one described on this page. When I visited the Ealing Networking Group, I had the chance to see Lisa explain these tips on GDPR for small businesses. Since today is the last day before GDPR is enforced, and since we have all been so worried and busy with it this week, I thought sharing them would be useful.

Here are the tips about GDPR for small businesses she shared with us:

GDPR is “the unwitting cause of 400% more emails in your Inbox than usual”, but it is not new:

  • We are already obliged under the 1998 Data Protection Act to be clear to clients on the data we hold, what we are using it for and how it is stored
  • All websites should currently have a privacy policy on them as part of EU regulation
  • You should already be reporting data breaches

The ICO is the organisation in charge and you should take the self-assessment quiz here to decide if you – as an individual or on behalf of your business or organisation – need to register with the ICO.

How Personal Data impacts GDPR for small businesses

What is personal data?

  • Anything that can identify an individual
  • Name, address, age, email

What can you collect?

  • Fair & Lawful
  • Specific Purpose
  • Adequate

How can you collect?

  • Written records must be locked away or scanned in
  • Password-protected
  • Clients can ask to see ANYTHING you have written on them

GDPR for small businesses and Marketing

Customers must have ACTIVELY opted into your mailing list, and you must be able to prove this.

You must check if customers still want to hear from you before 25th May.

Useful Exceptions:

  • The most important thing to remember is that you can only carry out unsolicited electronic marketing if the person you’re targeting has given you their permission.
  • However, there is an exception to this rule. Known as the ‘soft opt-in’, it applies if the following conditions are met:
      • where you’ve obtained a person’s details in the course of a sale or negotiations for a sale of a product or service;
      • where the messages are only marketing similar products or services; and
      • where the person is given a simple opportunity to refuse marketing when their details are collected, and if they don’t opt out at this point, are given a simple way to do so in future messages.

GDPR for small businesses: the Myths

Personal data should not be confused with corporate data. For example, if someone hands you a business card you are allowed to use the information on it to contact them.

Fines are 2% of turnover OR up to 10 million euros, whichever is higher.

You are responsible for all of your data processing, including your systems (MailChimp, for example).

If you’re a website owner, you might want to read this article about GDPR compliance for WordPress Websites.

How did you make your small business compliant with GDPR? Share your tips and best practices with us in the comments and on our social media: let’s try and help each other through this change!