GDPR Update

Disclaimer: GDPR (General Data Protection Regulation) is a very large and complicated piece of legislation. I’m not a lawyer. The information in this article is absolutely not legal advice and I cannot be held responsible for its accuracy. Details of where to get the legal information can be found at the end of this article. However, the information provided will give you a starter for ten and give the most up to date information I can find…as at January 2020.

GDPR (General Data Protection Regulation) came into force on 25 May 2018 for European businesses. As a small business, I read everything I could get my hands on to ensure that my business was compliant; 19 months on, there are still hundreds of businesses that don’t comply or who simply don’t know how to.

 

Although the UK is leaving Europe, if a business has any dealings with European countries, or has customers in European countries, they will still be subject to GDPR, so it’s vitally important to understand what you need to do to comply. I know that you’re probably glazing over now and may think it doesn’t affect you and who’s going to know if you comply or not, but small businesses are being investigated and questions are being asked, so it’s worth making the effort to ensure that you are covered…and it’s not too difficult to get your head around.

Is your business GDPR compliant_

How do I know if my business is impacted by GDPR?

Basically, if you control or process any kind of customer personal data then your business is impacted. This could be as simple as keeping your customers’ names and addresses, telephone numbers, IP addresses. Obviously some businesses will keep a lot more, such as medical information, bank account details etc.

GDPR is just about protecting those individuals, (your customers) from having their data fall into the wrong hands. The two key principles are that businesses must have appropriate, legal reasons for processing personal data and a business can only collect personal information for a specific purpose and it is only to be used for that purpose.

The good news is that for businesses with fewer than 250 employees, you are not required to keep records of your processing activities, unless it is regular activity, concerns sensitive information or if the data could threaten someone’s rights.

Most of us who have a small business hold some form of personal information about our customers – it might just be an email address or name and postal address, so there are some things to do to be GDPR compliant. There are very steep fines for those who don’t.

How to comply

  • Your responsibility
    There are two words to describe the person who is collecting and processing data…
    web-3963944_640Data Controller – the person who decides how and why personal data is collected. This is usually the business owner, as in my case. This person must ensure that the business is compliant, including transparency, data storage, data confidentiality and accuracy of data collected and stored. The Data Controller is also responsible for reporting to the Information Commissioner’s Office (ICO) if a data breach occurs or if data is lost or stolen from your business..or report to CNIL if you are in France.
    Data Processor. This person (in my case it’s me too as I don’t have any employees!), is responsible for processing personal data, which includes anyone who has access to your customers’ personal information and uses it – say, for creating and sending marketing emails or sending out your newsletters to your customers. The Data Processor is responsible for ensuring data is processed in line with GDPR requirements and they should record processing activities, as well as ensuring appropriate security of the data they handle.
  • You need to understand your data
    – Do a thorough check on all the data you keep on your customers (and employees if you have them) – both past and present.
    – Decide how much data you really need. GDPR states you only need to hold data that is absolutely necessary, and for as short a time as possible. If you have old Excel spreadsheets with old customer data, you could be falling foul of the rules, so get rid of anything you no longer need.
    -If you have data that is defined by GDPR as ‘special categories of personal data’, you must have explicit permission from that person to hold that data about them. This includes political affiliation, religious beliefs, sexual orientation, trade union membership, racial and ethnic origin. The reason you must have permission to keep this data is that if it got into the wrong hands, it could be misused to discriminate against an individual.
    – You need explicit consent from anyone whose information (no matter how much or how little) you are going to store.
  • Your data consent policy also called Privacy Policy
    You must get clear and explicit consent from your customer that they are happy for you to obtain and store their personal information. It must be clearly explained keyboard-895556_640 (1)what personal information you want to collect and why, and how it will be used. The individual must agree and if they don’t, you must not collect and store their data under any circumstances. This includes conditional data collection, such as where you offer a freebie on your website to get people to sign up to your newsletter and then use that data for marketing your products or services.
    You must be able to show that you have obtained consent for the data you hold. Not having a record of consent leaves you open to fines.
    You must also provide an easy way for your customers to opt out of anything they’ve agreed to in the future. So, for example, if you send out a newsletter, there must be a box or email address shown that clearly states that the customer can unsubscribe to it at any time.
  • Old data
    If you already have a database of customers and their information, or you take over a business from someone else, including their customers, GDPR requires you to re-consent all of those customers. This means you must contact every single customer you have information on and ask their permission to continue to store and use their data.
    If they do not consent – and this includes anyone who does not respond – you must delete their data.
    The same applies to any old data you have on anyone – if you no longer need it, it must be deleted.
    binary-1327493_640For us small businesses, you need to have a policy that states how long you will keep a customer’s data if they are not continuously engaging with your business. For example you could say that any data you hold will be deleted after 12 months, if that customer has not engaged with your business during that 12 month period.
    It’s a good idea to set up regular data reviews to ensure data is not kept longer than necessary.
  • Data storage and security
    GDPR covers data, no matter where it is stored – be it on email, in customer databases, mobile phones, cloud-based service etc. As a small business, you need to create a data processing and storage policy. This should specify where customer data is secured, how it is protected, such as encrypting data and securing your website with SSL, and who has access to it (most likely your data processor to get email addresses, names etc) and for what purpose (could be to send out a newsletter for example).
    If you transfer data from one person to another or share with third parties, you need a plan for how the data is moved (such as on a USB stick or laptop) as this is a huge risk – having data encrypted can help alleviate the risk, but my advice would be – don’t move it!
  • Large businesses need to appoint a Data Protection Officer, but for the purpose of this article, talking to small businesses like myself (less than 250 employees), we would be exempt from this.
    If you do have employees, especially if they have access to customer data, they need to be trained on data handling and security.
  • Requests for access to data
    Any EU citizen can request access to all the data you hold on them – known as a Subject Access Request (SAR). This can be anything you hold, from name, address technology-3219129_640and email address, to any references made to them in email messages, websites, electronic notes etc. If you’re a small business, this won’t be too difficult, but for huge businesses, it would be very time consuming to go through hundreds of documents and data entries. That’s why it’s so important to know what you hold on your customers and where. If a customer makes a SAR, you have 30 days to comply, so good to have a plan in place.
  • Are your suppliers GDPR compliant?
    Small businesses often rely on contractors and suppliers. Even if your business is GDPR compliant, you must ensure suppliers and contractors are also GDPR compliant.
    Please note: Small businesses are exempt unless you’re working with a larger business that has more than 250 employees, in which case you can fall foul of GDPR if the larger business is not compliant. The quickest way to find out is to ask suppliers to complete a GDPR compliance form detailing how they handle data, security and storage procedures…and what type of data they handle. You can send them a GDPR compliance checklist for small businesses for them to complete. Ensure contracts specifically refer to a supplier or contractor being GDPR compliant. Include the right to audit their business if needed, such as making an on-site visit to review their data processing arrangements.
  • Create data processing notices
    Data handling must be fair and transparent, so you need to create a document explaining how your business deals with data. Known as Fair Processing Notices (FPNs). It all sounds complicated but an FPN is just about giving people clear information about what you’re doing with their personal data.
    You FPN should describe why you are processing their personal data, including that you have their consent via an opt-in or sign up to a newsletter for example.
    If you are sending their personal data to a third party, such as another customer, employee, supplier, you need to state this on the FPN.
    You also need to say how long you will be holding onto their data, known as the ‘retention period’.
    Finally, you need to state that all your customers should be aware of the existence of their personal data rights – this should be pointed out to your customers.

For more detailed information on GDPR…

Click here if your business is in France (in English!)

Click here if your business is in the UK.

What marketing strategies are going to be popular for your small business in 2020?

With 2020 just around the corner, it’s time to think about what you want to achieve with your small business next year and to focus on your marketing strategy.

2020…the start of a new decade… and it will be no surprise to know that digital marketing is going to continue at pace to be the most popular form of marketing. With technology continually moving forward, it’s so important to keep on top of what’s new and how you can use it to promote your business.

Digital Marketing

Digital marketing just means online marketing, using digital technology on the internet or on mobile devices. There are several digital marketing channels and I’m going to look at a few of them, with ‘marketing into a new decade’ in mind!

design-4425623_640

Business website – Even if you have a great following on social media, it can’t replace having a business website. This is the home or hub of your business, the one place online where you are completely in control of everything you want to say about your business. It can be as simple or as fancy as you like…but the one MUST-HAVE is that it needs to be mobile friendly, as most people use mobile technology to scour the internet.

seo-592740_640SEO – or search engine optimization. This is the process of increasing traffic to your website. This includes using the right keywords, your social media presence, references to your website from external sites, to name a few. In 2020, this is going to be vital to keep ahead of your competition.

Local search engine optimization – as most people have mobile phones and use them ‘on the go’ they will be looking for local businesses when they are out and about. Google’s search results now apparently favour websites that are optimized for local search by including location information and location-related keywords. You can also claim your business location on local search directories, such as Google My Business. Just ensure that whatever local directories you choose to be a part of, that your details are exactly the same, including spelling, on all directories – not 10 High St in one and 10 High Street in another.

Email Marketing – these days nearly 7 out of 10 businesses use email marketing and it is the third most popular digital marketing method. Around half of the population check their email on mobile devices and research shows that a third of emails opened are opened on mobile devices. So, if you going the route of email marketing, think ‘mobile’ – keep emails short and clear with a clear call to action. Use white space to make it easy for ’click here’ buttons or links.

online-marketing-1246457_640Content marketing – this is about blog posts, e-books, infographics, videos etc. that you share digitally. The goal of content marketing is to entice users to view your content and take action, clicking your call to action button. For example, you might write a blog post about ‘How to insulate your house for winter’. The call to action button might be ‘Contact us to get a free quote to insulate your house this winter.’ And research is showing that rather than having lots of short blog posts, people prefer longer, more relevant information that answers their questions and is of value to them.

Pay-per-click advertising or PPC – PPC digital adverts appear when you do an internet search – if you have a PPC ad with terms that someone is searching for, your ad will come up. The name PPC comes from the fact that you only pay for the ad when someone clicks on it. You sometimes see this on Google and on some social media sites.

adult-3086300_640Voice Search – By 2020 it is expected that voice search will account for half of all Google searches. So how do you make sure your business is found? Good SEO will help, but it might be a good idea to create an FAQ page on your website answering questions that people might ask about your products or services. Make the questions sound the way that people talk. For example, if you own a fish and chip shop, people are more likely to ask ‘what chip shop is open right now?’ rather than the way they’d type a search into a search engine…opening times of fish and chip shop.

Google My Business – if you have one of these listings, regularly add new photos, posts, offers etc. and ensure your description is current. Add as much information as you can to it. Make sure that there is a link to your website and in particular, your reviews page – this promotes consistency across channels.

film-596519_640Online Video – Today’s generation prefer to view video footage to get answers to everything they want to know. YouTube is the second most popular website, pipped at the post only by Google. Videos that show someone how to do something, help solve their problems, etc. is definitely the way to go in 2020.

Tell your story – consumers love real interaction with businesses. They want to know the face behind the name, so think about how you can be transparent about your business and values. Live stream on FB, short informational videos, behind the scenes videos all help to create a feeling of intimacy with your customers – and that can help build a bond with your target market.

Social Media

follow-1210793_640No matter what channel you use, have a business page and plan what you are going to do and when. Try and plan a host of different posts to keep your customers coming back for more. Use video, audio with pictures, product posts, competitions, polls, quotes, funny stuff and serious stuff. Make things as visual as possible and plan to post regularly and consistently. You can look at your insights to find out who looks at your posts and when is the best time for you to post. Plan to post at least three times a week, more for visual channels like Instagram.

Messenger is also a great tool for customers and customer service. You can speak directly to your customers in real time, answering any questions or talking to them about a product they’re interested in.

In conclusion, marketing in 2020 will continue to move and change at a fast pace. Be willing to adapt to the change, embrace the new technology where you can and have fun making video content and thinking of ways to be more creative with your marketing. Your business will continue to develop and grow and you will find yourself attracting great, quality customers in your digital world!

If you would like a free consultation about how digital marketing could help your business in 2020, click here.

Boost your productivity with a clean and clear desk space

I don’t know about you, but I love the spring…seeing everything coming back to life, flowers pushing their way through the ground, lambs in the field next door to me and spring-bird-2295434_640everything feels fresh and new. The only downside is that the grass grows at a phenomenal rate, so I’m out on the sit-on lawnmower a lot! But even that gives me a weird sense of pleasure…my thinking time!

On my last batch of lawn mowing, I was thinking about my writing work, as I often do, and about a couple of articles I’d read recently about how productivity can be boosted by simply having a clean and clear desk space – I guess the this saying sprang to mind, “A cluttered desk is a sign of a cluttered mind”. This rings a bit true for me, because while I constantly make lists about everything, from my daily work ‘to do’ list to shopping to what I need to do around the house and garden, I am a maker of ‘piles’. I have piles of books, papers, a ‘to do‘pile of stuff that needs looking at urgently etc. etc.

Piles of paper

cluttered-1295494_640I’ve always thought that my piles of stuff were a kind of organisation – I know where everything is; it’s my system and it works for me. In reality, it doesn’t, there have been several times recently where I couldn’t find something important…because I’d put it ‘somewhere safe’ in a pile of other paper. I’ve always found what I’m looking for in the end, but this has taken up precious time and effort…if I’d had a designated space for my piles of stuff, I’d know for sure where everything is.

Dump the piles!

It’s quite simple to get rid of the piles of ‘stuff’. The answer is organisation.

  • Go through the piles of stuff and organise the paper into an order – you might have bills to be paid, articles to read, stuff that needs filing. Whatever it might be take a few minutes to sort things out. Use a filing cabinet or shelving system to organise yourself – maybe use box files or lever arch files to put the same kind of thing in one place.
  • Have an inbox with things that need doing today, such as bills you can pay online, a reminder to email someone or ring someone. When those things have been done, file them away.
  • Throw out anything you don’t need – there’s bound to be things you no longer need or use, so bin it!
  • computer-2593921_640Go paperless – in our world of recycling and conserving the environment, it amazes me how many people don’t do online banking, for example. It’s so much easier that sifting through page after page of bank statements, when you can do it at a click of the mouse. I do appreciate that not everyone is computer savvy, but as much as possible, get rid of everything ‘paper’ that you can.
  • Schedule in a 15-20 minute session a week to clean your desk and surrounding work space. This will help you keep things organised and won’t allow you to let your piles build up again!
  • If you have documents that you need to keep, scan them into your computer and save them in a file. These things don’t have to take up valuable space on your computer, you can use one of the many free cloud storage devices, such as Dropbox, G Drive or iCloud.
  • If you use an office desk, take everything out of the drawers, be ruthless and throw away anything that you no longer need or use – if you have anything with personal information on it, burn it or shred it. Organise your drawers, so you will know where everything is at a glance.
  • If you have loads of electronic devices, chances are you’ll have a spaghetti-like muddle of cables and wires. That can be distracting or sometimes, even dangerous. Get them organised using a cable organisation system or those plastic ties. There are loads of products to help you with this – simply Google search or look on Amazon.

background-2091_640Finally, I just LOVE stationery! I have an abundance of pens, pads, staplers and little gadgets, but do I really need them all? I like to have them, but I don’t necessarily need them all on show on my desk, so if you’re the same, it’s time to find a place to put them…in a drawer, or in a box within a drawer, so you know where they are. Actually, having all my bits and bobs in a box within a drawer means I can buy some more stationery (!)…the little boxes to put everything in! Probably not a good idea, but works for me!

How does this boost productivity?

paperclip-168336_640A clean and clear office space will help you feel more organised and motivated, whereas a messy space makes for muddled thoughts and needless stress.

A cluttered desk also serves as a distraction, so if it’s clean, you can be more focused on what you need to do.

approval-15914_640Stress plays a bit part in most of our lives, and a huge pile of paper can make you feel that the hill is too big to climb; it’s overwhelming.

So, with a clean and clear desk space, you can start the day knowing where everything is, knowing what is a priority for the day and you’ll be able to be more focused on what needs to be done.

What do you do to help keep your desk space uncluttered and keep your mind clear to focus on your work? I’d love to hear from you!