Part 1: GDPR and what it means for small businesses

If you’re a business owner or work for a business that handles any kind of customer data, then you’ve probably heard the term GDPR floating around recently. But what exactly is GDPR and what will it mean for your business when it’s introduced from 25th May 2018?

As a business owner myself, GDPR has been on my radar (and my ever-growing to-do list) for the past year. I know first-hand how hard it is to dedicate time – valuable time that could be spent serving my clients or finding new ones – to keep up-to-date with this stuff. But it is important. That’s why, as I’ve been learning about GDPR and understanding what it means for Sayers Solutions, I’ve been jotting down my learnings and thoughts which I’m going to share in a series of blogs.

I have always been mindful of the ethical collection and storage of data, and with GDPR being the biggest change to the data protection law in over 20 years, I was keen to get to grips with it. To date I have organised two seminar sessions and attended several others. I’ve written this series of blogs after reflecting on these sessions as well as my experience of implementing audits and data mapping with clients and for Sayers Solutions.

I hope the blogs help you to manage your data compliance without hindering the day-to-day running of your business, as well as offering some useful recommendations for you to implement.

The blogs are by no means a complete review of GDPR nor an inclusive recommendation on how a business would become compliant. That information is available on the Information Commissioner’s Office website ( Instead they are intended as a conversation starter and a prompt of the main points you need to consider to help you prepare for the introduction of GDPR.

So, let’s get started.

What is GDPR?

GDPR stands for General Data Protection Regulation and will replace our current data protection laws from 25th May 2018 to strengthen citizens’ privacy rights within the EU. It is the biggest change to our data protection laws for over 20 years and penalties for not complying can be severe.

As a business you will need to evidence compliance and have procedures in place to show that you have considered and been careful with the data you hold. You will need to consider:

  • where the data came from
  • the reason for processing the data
  • how long you want to keep the data.

However, you will also need to manage a ‘do not contact’ list and consider the notion of ‘do no harm’.

In this series of blogs, I hope to expand on these points by covering:

  • what is meant by the ‘lead source’
  • valid lawful reasons for processing data
  • why you need to consider how long to keep data for
  • the benefits of managing a ‘do not contact’ list
  • and the notion of ‘do no harm’.

Read my next blog discussing the lead source and evidence.

Want more now?

Download the entire blog series in PDF here for free.

If you would like to discuss your GDPR compliance, or any other marketing activity, then please get in touch. Sayers Solutions are well connected with experts on this matter and would love to help support your business.

If you want to arrange a conversation, we can chat over the phone or potentially skype. Give me a ring on 07790705223 during reasonable business hours (yours might be more generous than mine, so please don’t ring too early! #SchoolRunMum).

If you are in the Huddersfield/Wakefield/Leeds area let’s arrange to meet to discuss this or your marketing activity further.

Or email me through the website contact form

Like what you’ve seen?

If you’ve found this article useful and want to receive more carefully crafted advice and support tailored to small businesses please join our mailing list:

Look forward to hearing from you

Merewyn Sayers
Sayers Solutions – Small Business Marketing and Strategy