The General Data Protection Regulation (GDPR) came into force on 25 May 2018 – 2 months ago now. Many small businesses I work with have mentioned to me that they have an awareness of the regulation, but do you really understand what it means and how it affects your operations? Don’t worry, we’ve got the basics covered.
Firstly, all businesses operating in the EU needed to be fully compliant with GDPR by 25 May 2018, from international giants right down to small firms that operate on a local scale. With the potential for fines for non-compliance, it’s important to make sure the necessary steps are in place. 
 
If you’ve yet to assess how GDPR will affect your business, here are three simple steps to get you started:

1. Permission for email marketing 

Marketing to customers is essential for growing your customer base, but how you go about it is set to change. In order to directly market to customers via email, you will need to have their explicit permission.
If you currently use a lead generation form, collect data when consumers make a purchase, or gather email addresses in another way, you need to add a statement that users actively tick to say you may contact them for marketing purposes. If customers currently have to uncheck a box, that needs to change. If you work with a third party to support lead generation, you need to make sure they stick to this term too.

2. Clear privacy policy 

You should already have a privacy policy in place on your website, but if not, GDPR is the perfect opportunity to ensure you have one that’s clear and transparent. You should set out a range of areas, such as what personal information you hold, how it will be used, and how it’s stored. Not only does your privacy policy need to be intelligible, but it should be readily accessible too.

3. Simple way to opt out 

Do you currently make it easy for leads and customers to opt out of your communications? From when GDPR is implemented, it’s an essential requirement. It’s likely that an unsubscribe button is already located on your emails; if it’s not, this should be the first step that you take. But you need to go beyond this too. The process of opting out should be straightforward and accessible, and all data relating to the person should be erased.
If you need more advice on GDPR and how it affects your business, download our whitepaper or feel free to get in touch.
 
 
 
 
Written by: Nicola J O'Sullivan, Effective Accounting
Founder | Xero Champion | IR35 Expert

Tagged as: GDPR, Security