Is anyone else with a small business confused about GDPR?

4 posts
Posts: 362
Joined: Sun Mar 10, 2013 10:59 am
Share this post on:

Is anyone else with a small business confused about GDPR?

Postby GuyD73 » Tue May 15, 2018 1:51 pm

All I have in my business is some name, email and address data for a few hundred customers and name, email and (sometimes) postcode for about 500 more on the newsletter mailing list.

Many of you have probably had a flurry of emails from businesses in the last couple of days asking you to reconfirm your consent to hold your information. However, among the ones I've had, the tone, wording and what's being asked have varied considerably and just from chatting to a few people, there seems to be a range of attitudes towards how companies will play this.

I don't hold any sensitive information, nor anyone's credit card details, so that may help. I've also had explicit consent from everyone on my mailing list, so I think I don't actually need to ask for it again.

See 'existing contacts' bit on this link ... ign=eepurl

My web site doesn't automatically add customers to the mailing list, so every time I've added someone manually, I've definitely spoken to them and got their consent verbally.

I hope I'm reading this right because despite the fact I get a fairly decent 'open rate' of around 40%, needing to reconfirm that consent would cost me a great deal of my list and diminish a key asset of the business that's taken years to build.

Particularly interested to hear from anyone who has taken legal advice or managed to speak to the ICO's new helpline ( 0303 123 1113) - I have been on hold for about an hour so far, hope it's free!

In case it's helpful for anyone ... egulation/

All and any advice very gratefully received
Posts: 1808
Joined: Sat Oct 17, 2009 5:39 pm
Share this post on:

Re: Is anyone else with a small business confused about GDPR?

Postby juliantenniscoach » Wed May 16, 2018 12:19 pm

That's the view I have taken. I included an option to opt out in my last emailshot but I don't hold financial detail either. Neither do I buy lists etc. I think it's this decade's 'Millenium bug' to be honest. I think it's aiming at companies who spam or hold confidential data..
Posts: 41
Joined: Thu Oct 09, 2014 1:23 pm
Share this post on:

Re: Is anyone else with a small business confused about GDPR?

Postby Happymummy2014 » Mon May 21, 2018 10:35 am

I sympathise! GDPR is a horrible minefield - good for individuals, but a huge workload for businesses. The good news is that the ICO has said 25 May is not the end (ie not a cut-off) but the beginning, but they do expect everyone to have at least made a start on being compliant before Friday, therefore.
You don’t say if you have done a mailshot. My understanding is that every business needs to take some active steps to comply with GDPR. This would include:
1. Updating your privacy policy on your website (if you have one) - you could visit the ICO guidelines and other business’s websites to see what is needed and how others are handling it;
2. Communicate with everyone for whom you hold personal data, which includes name, address, email, phone number, date of birth and credit card info (but other things as well). The point here is to tell them you have a new privacy policy and give them a chance to opt out (I think for those who are not current customers, you are supposed to ask them positively to opt in). So you probably do need to do a mailshot if you haven’t already, as past consent is not likely to be enough by itself;
3. Be aware of where and how you hold their data (database, email system, accounting records, paper records) so that if you are asked to delete it, you can actually find it and delete it (except to the extent you need to keep it to comply with your legal duties eg VAT records etc).
I am not an expert and am just repeating what others have said! But I hope this helps a bit. Good luck!
Posts: 85
Joined: Mon Oct 31, 2016 8:06 am
Share this post on:

Re: Is anyone else with a small business confused about GDPR?

Postby chorister » Wed May 23, 2018 3:21 pm

There was some pretty sensible stuff here. ... ay-experts

It sounds as if most businesses, especially small ones who know their customers, will not have a problem, unless they buy in lists. Given the way data is abused the GDPR is on balance probably a pretty good thing, but there are a lot of people - especially consultants - spreading uncertainty about it.