
GDPR: What Does A Small Business Need To Do?

Been getting a LOT of emails recently?

The kind asking you to confirm that you would still like to receive the emails. I know, it seems a little laborious. I’ve been making the most of it and having a good clear out!

You have also probably been asked to read through a whole load of privacy policies and review terms and privacy notices every time you go online at the moment.

If that’s the case, you may now be familiar with the term GDPR (General Data Protection Regulation). Yep, it might be one of the driest subjects we cover but, given that it affects pretty much all businesses, I thought this might prove useful.

This is a European regulation cracking down on data protection and privacy which comes into force on May 25th. It’s getting everyone very excited and anxious to be doing the right thing. Hence the inbox bombardment right now.

This is great actually. It is finally making people much more accountable for how they use and protect your personal information and in theory, you should now only receive emails from the people and companies you really want to hear from.

Is it relevant to me?

But what about for you as a small business owner? I know that while I’m sitting at home doing my work, I can’t exactly just call my firm’s legal helpline because my three-year-old son isn’t quite ready to qualify yet!

But on a serious note, it is still important. It’s not something to panic about, but it is something you need to consider to avoid any potential penalties down the line, and best practice is always to get all your ducks in a row at the outset, no matter how small your business.

We all want to look after our customers and ensure we maintain their trust. Trust is so valuable and being transparent, open and honest is one way to show that you have their best interests at heart.

GDPR relates to all ‘personal data’. If you take payments, take any form of contact details from people, in fact, anything which can identify another person, GDPR is relevant to you.

But I’m not in Europe?

First thing to notice of course, is that this is an EU regulation, but even if your business is based outside of the EU, there are things you should certainly be aware of.

  • Do you have any customers based in the EU?
  • Is anyone on your mailing list in the EU?
  • Do you hold any personal details (names, contact details, payment details etc) of anyone within the EU?

If the answer is yes then you will need to get your head around GDPR.

What about Cookies?

Not the edible kind, unfortunately.

Even if you don’t process any data in the form of taking payments, names or email addresses, if your website uses cookies then you need to ensure visitors to your website are aware and consent to the use of them. Some cookies are essential for the functionality of your site but others are not, and visitors have the right to switch them off.

What do I need to do?

GDPR is a huge area, so I am going to focus on the areas which, as a small business, you probably need to be most aware of, mainly around marketing. However, if you are keen to get your head around it in all the juicy detail, the ICO website is where you can find the information. (This ain’t exactly a page-turner.)

GDPR does not just cover the online world, it’s also relevant if you take people’s information on paper or contact them via post or telephone. However, email is increasingly the preferred method to contact and market to people.

A few things you can do:

  • Ensure your privacy policy is up to date and GDPR compliant.
  • Let people know specifically what data you process and be transparent about how it is used and stored.
  • Ensure people are actively signing up to your mailing list with a positive opt-in.
  • Let people know how they can unsubscribe with relevant links.
  • Ensure those already on your mailing list give their re-consent to continue being contacted by you if their consent was not given by GDPR compliant means.
  • Keep a record of how people have opted-in and when they did so.
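The cookie point earlier and the last item above (keep a record of how and when people opted in) come down to the same mechanism: nothing non-essential is set until the visitor explicitly agrees, and that agreement is logged with a timestamp so you can show it later. The JavaScript below is an added illustration, not code from this post or from the GDPR pack; it uses a Map in place of `document.cookie` so it runs outside a browser, and the category names and the fields in the consent record are assumptions.

```javascript
// Added example (not from the original post): gate non-essential cookies
// behind explicit consent and keep a timestamped record of what was agreed.
// cookieJar is a Map standing in for document.cookie so this runs offline.

const ESSENTIAL = "essential";                      // e.g. a login session cookie
const NON_ESSENTIAL = ["analytics", "marketing"];   // assumed category names

// Consent state: only essential cookies are allowed until the visitor opts in.
const consent = { categories: new Set([ESSENTIAL]), record: null };

// Stand-in for document.cookie: name -> { value, category }
const cookieJar = new Map();

// Record an explicit opt-in. `method` describes how consent was obtained
// (e.g. "banner-accept"); the record fields are assumed, not prescribed by GDPR.
function giveConsent(categories, method) {
  for (const c of categories) {
    if (!NON_ESSENTIAL.includes(c)) throw new Error(`unknown category: ${c}`);
  }
  for (const c of categories) consent.categories.add(c);
  consent.record = {
    categories: [...consent.categories],
    method,
    at: new Date().toISOString(),   // when consent was given
  };
  return consent.record;
}

// Withdraw consent for some categories and delete any cookies already set
// under them, so switching a category off has an immediate effect.
function withdrawConsent(categories) {
  for (const c of categories) {
    consent.categories.delete(c);
    for (const [name, entry] of cookieJar) {
      if (entry.category === c) cookieJar.delete(name);
    }
  }
  consent.record = {
    categories: [...consent.categories],
    method: "withdrawn",
    at: new Date().toISOString(),
  };
  return consent.record;
}

// Set a cookie only if its category is currently allowed; returns whether it was set.
function setCookie(name, value, category) {
  if (!consent.categories.has(category)) return false;
  cookieJar.set(name, { value, category });
  return true;
}

function hasCookie(name) {
  return cookieJar.has(name);
}

function currentConsentRecord() {
  return consent.record;
}

// Usage: the essential cookie is always allowed; the analytics one is refused
// until giveConsent(["analytics"], "banner-accept") has been called.
setCookie("session_id", "constructed-session-value", ESSENTIAL);
setCookie("analytics_id", "constructed-analytics-value", "analytics");
```

The default is the important part: the analytics cookie is refused, not merely hidden behind a banner, until consent is recorded, and withdrawing consent removes what was set. The record that `giveConsent` returns is what you keep alongside a mailing-list opt-in: what was agreed to, by what method, and when.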

Why is this so important?

Legal stuff makes my head spin, but GDPR is here to protect all of us, and therefore as business owners we are responsible for protecting our customers and their data.

It gives us all more access and information about what data firms have on us and how they use it.

It also gives individuals the right ‘to be forgotten’ and request businesses to remove and erase their data.


GDPR comes into force from May 25th. Below you can access your very own GDPR checklist! This gives you a comprehensive rundown of all the things you might want to check to ensure you are not going to be in breach of the new data protection laws.

The checklist comes courtesy of data protection law expert, Suzanne Dibble, who is a fountain of knowledge around this whole GDPR thing. I definitely recommend downloading it.

Download the GDPR checklist!

Get the GDPR Compliance Pack

You can find the links to these downloads in the Tool Box as well!

Disclaimer: These are affiliate links so if you go ahead and purchase the GDPR compliance pack, I may get a small commission.

This is not legal advice and you should always check with a legal advisor or lawyer should you need sound advice.

About the author

Louise is an award-winning journalist and speaker who focuses on working from home, remote work and wellbeing. She is the founder of The Homeworker, which is dedicated to helping you thrive when you work from home. The Homeworker publishes articles that are designed to keep you healthy, happy, fulfilled, and more productive in work and life.



  1. June 5, 2018 / 1:03 pm

    This is a great summary. We’re members of Suzanne Dibble’s Facebook group and have used her GDPR pack too. It’s been invaluable!

    • The Homeworker
      June 5, 2018 / 8:24 pm

      Thank you Emily. It can seem like a bit of a minefield especially for a small business. I agree, Suzanne Dibble knows her stuff!
