Many very small businesses now use direct marketing techniques once the sole domain of the bigger companies and brands. If you use email, texting, a website or any of the ‘old fashioned’ methods, such as flyers, catalogues and adverts in local media you are almost certain to have some form of list of the customers you retain contact with. In fact, the email list is seen, in some business quarters, as the ‘Holy Grail’ of marketing opportunities.
But in May 2018 new rules come into effect – the General Data Protection Regulations (GDPR) – that will require very careful handling of any personal information you hold about your clients, customers, suppliers etc. You should already be requesting permission to use your customer details for future contact, but in many cases from 2018 you will have to be clearer about how safely you hold the data, what you will use it for and how you will deal with any potential breaches – for example, if you have a printed list of emails that goes missing, a laptop in the boot of a car that gets stolen or on-screen details in full view of the general public (often an issue in shops) you will have to report it to the Information Commissioner within 72 hours and face quite considerable fines, and this is without the possibility of your records being directly targetted by hackers. We have written about this on here before, but many were shocked that even a small local history society could be fined for losing an unencrypted laptop list of their membership. It is time to take data protection and cyber security seriously.
So how can you find out more? There are many companies that will offer to advise you, but as a micro business or sole trader, you will be rightly worried about the cost and the possibility that you can undertake an audit of the information you hold yourself.
The very best place to start is the Information Commissioner’s Office, where there is a page devoted to GDPR. It offers all the information you need to keep track of the timetable for the implementation of new rules, links to useful and accessible blog posts on the subject and lists events you can attend to get you up to speed. There is also a whole page devoted to resources for small businesses, to support them in making sure they comply with the current rules, and any expected changes.
With even the biggest organisations – including the UK Parliament and NHS – subject to recent cyber attacks, when confidential information was hacked, it is clear this is something we all need take the proper steps to ensure compliance.
If you are a start-up or established small business and are concerned about this, or other issues relating to your business do fee free to get in touch with us here at Cornerstone – all our mentors are experienced business people volunteering their expertise for free.