Small businesses are clueless about GDPR

January 23, 2019

It’s quite a scary statement, but more than 50% of small business owners are ‘clueless’ about GDPR, according to this article in the Independent.

It’s important to note that the actual survey was compiled for insurer AON, so it will be of no surprise to see that there is a line about how many businesses are not insured in the event of a data breach.

But is it as scary as the Independent is making out?

Well to start with, only 1,000 small businesses were asked about GDPR. There are 5.7m small businesses in the UK so only 0.017% were surveyed.

Let’s set aside the very small numbers here and imagine that, actually, small business owners are not completely clueless about GDPR. There is an assessment provided by the information commissioner’s office (ICO) to help determine if you comply.

Here are a couple of thoughts around GDPR specifically for the small business owner (we’re in the 0-5 employee bracket here):

What data does your business inadvertently collect?

What information do you collect about your customers and where do you keep it?

From the moment you speak to a customer, you will have a record of them. On your mobile phone for example. If you’re a sole trader that’s likely to be your personal phone.

If you back up your phone to your computer, which may sync to the cloud (online storage) then you have that one customer’s details in three separate places. Phone, computer and cloud… and that doesn’t include any backups that you may have.

You are responsible for this customer data.

So, how long are you keeping this customer information for?

The rule is that you should not keep any personal information for ‘longer than necessary’. Now, that’s a bit ambiguous to say the least, but do you really need to keep a customers details if you haven’t seen/spoke/contacted them in the last four years? There is an element of common sense to be applied here.

Do your existing customers know what you have on them?

If you do keep customer information, not only does it need to be up to date, but the customer needs to give consent. You don’t want to inadvertently send the wrong thing, to the wrong person, at the wrong house. The question then is… how did you ask for it?

It can’t be tied in with T&Cs, so you need to think about how you are letting them know what information you have and confirm that it’s correct.

This is a great opportunity to get customers to confirm the correct details but they can consent to you having it at the same time.

But wait…. what if you didn’t actually need your customers details for marketing?

See, now you think I’ve gone mad. How can you contact your customers if you don’t have their details?

Think about why you’re contacting them.

For the most part you’re only ever going to contact a customer who has already booked with you because you need to confirm something or possibly re-schedule.

But what about marketing or telling people that their favourite stylist is suddenly available? That’s where GDPR has become a nightmare.. What can you send out? Have they opted in to receive such information?

Maybe you run a restaurant that has a table free due to a cancellation, or you’re a dentist and don’t want your receptionist calling 30 people to see if one is available to fill an appointment at 4pm?

What if you could comply with GDPR and not have the name, phone number of a whole group of people, but still contact all of them at the same time. What if you could do it in as little as 10 seconds?

Seriously, I’m not bonkers!

This is what the me:now app does.

You post when you have a slot available. A dental appointment, a physio with a slot free, a stylist who hasn’t got anyone at 4pm… you get the picture.

Your customers follow you on the app. They are opting in to be notified when you are available.

They turn the notifications that they receive from you on and off. When they want to use your service they turn it on. When they have used you, they turn it off.

Everyone that follows your business and opts in… gets notified at the same time.

And you have no record of who has received it until customers start ringing to book that free slot.