What Does the General Data Protection Regulation Mean for Small Business?


The enforcement date for the General Data Protection Regulation (GDPR) in the EU, 25th May 2018, is fast approaching. There are dozens of resources out there, but unfortunately many of them are still riddled with legalese.

Here is my take on the laws, with the help of a lawyer of course! I will also go through how I personally got ready for the GDPR, as I do collect email addresses for my list from residents of the EU.

(A quick note before we get stuck into the abridged version of the GDPR: please do not take this strictly as legal advice, and if you are unsure you should visit a lawyer in your local area.)

The GDPR was implemented in order to protect the data of EU residents. The basis of the framework is to ensure consumers are well aware of where their information is going and how it will be used.

Some simple steps to make sure your small business is compliant:

Double opt-in is best for email addresses:

You cannot rely on an ‘opt-out’ feature under the new laws. The best standard for compliance is double opt-in. A double opt-in is any two-step confirmation process. Most businesses will have an ‘enter email address’ bar, which triggers a confirmation email to the address the user specified, to make sure they actually want to be added. I use double opt-in on this website.

Be specific:

Tell the user why they are adding their email address and where it will be used. If you are offering a ‘freebie’ to capture email leads, you also have to let them know that handing over their email address for the freebie will add them to your newsletter or further promotional campaigns.

Make sure your privacy policy page is up to date:

If you are unable to go into full detail at the point of collection about how a user's information will be used, you need to dedicate a special section to it, preferably in your privacy policy.

Check your website security:

The GDPR is pretty vague when it comes to potential hacking. However, for the sake of your own business reputation, it is better to ensure that, if your website stores personal information, you have the necessary website protection in place. You can do this through your internet provider.

Be contactable:

If a user requests to have their information removed, under the GDPR you need to do it immediately. You should have a place where users can contact you if they wish to have their details removed, or a place where they can ‘unsubscribe’.
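To make the double opt-in and removal steps above concrete, here is an added Python illustration of one way to implement them (it is not the article's own code and not any specific mailing-list product). It assumes an in-memory store and a stub mailer, both constructed for the example: step one records the request together with the stated purpose and sends a confirmation link carrying an HMAC-signed, expiring, single-use token; step two verifies that token before the address is added to the list; and an erasure function honours a removal request by deleting the address from both the pending and the confirmed sets.

```python
"""
Double opt-in with a signed, expiring confirmation token, plus erasure.
Added illustration: the store is an in-memory dict and the "mailer" is an
outbox list, both constructed for this example (assumptions, not a real API).
"""
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)   # assumption: one secret per deployment
TOKEN_TTL_SECONDS = 24 * 3600          # assumption: 24-hour confirmation window

_pending = {}      # email -> {"created": ts, "purpose": str}   (constructed store)
_subscribers = {}  # email -> {"confirmed_at": ts, "purpose": str}
outbox = []        # stub mailer: confirmation messages "sent" so far


def _now(now):
    return int(now) if now is not None else int(time.time())


def _sign(email: str, issued: int) -> str:
    # Bind the token to both the address and the issue time, so a token for
    # one address cannot confirm another, and expiry cannot be forged.
    msg = f"{email}|{issued}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_token(email: str, issued: int) -> str:
    return f"{issued}.{_sign(email, issued)}"


def request_subscription(email: str, purpose: str, now=None) -> str:
    """Step 1: record the request and the stated purpose, then send the
    confirmation link. The address is NOT on the list yet."""
    issued = _now(now)
    _pending[email] = {"created": issued, "purpose": purpose}
    token = make_token(email, issued)
    outbox.append({"to": email, "purpose": purpose, "token": token})
    return token


def confirm_subscription(email: str, token: str, now=None) -> bool:
    """Step 2: verify signature, expiry and that a request is still pending;
    only then add the address to the confirmed list."""
    current = _now(now)
    try:
        issued_str, sig = token.split(".", 1)
        issued = int(issued_str)
    except ValueError:
        return False
    if not hmac.compare_digest(sig, _sign(email, issued)):
        return False                      # tampered or wrong address
    if current - issued > TOKEN_TTL_SECONDS:
        return False                      # link expired; user must re-request
    pending = _pending.pop(email, None)   # pop makes the token single-use
    if pending is None:
        return False
    _subscribers[email] = {"confirmed_at": current, "purpose": pending["purpose"]}
    return True


def erase(email: str) -> bool:
    """Honour a removal/unsubscribe request: delete from every store,
    including requests that were never confirmed."""
    removed = _pending.pop(email, None) is not None
    removed = (_subscribers.pop(email, None) is not None) or removed
    return removed


def is_subscribed(email: str) -> bool:
    return email in _subscribers


if __name__ == "__main__":
    tok = request_subscription("alice@example.com", "weekly newsletter")
    print("pending only:", is_subscribed("alice@example.com"))
    print("confirmed:", confirm_subscription("alice@example.com", tok))
    print("erased:", erase("alice@example.com"))
```

The point of the signature is that the confirmation link is the only proof that the person who controls the mailbox agreed; without it, anyone could confirm an address they do not own, and the purpose string stored alongside the record is what lets you later show what the address was collected for.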

Do not sell or pass information on to other businesses:

If you are going to distribute information, the user needs to be aware of what is happening to their information. To stay on the safe side, small businesses should never pass information on to larger corporations.

If in doubt, know where to go: your local lawyer or small business hub should be able to assist you. There are also many resources online to help you achieve compliance with the GDPR. You may even have to hire a privacy protection officer, depending on how much personal data you store and use.

If you have any further questions, leave a comment below or contact me through the form on the website!
