What is GDPR and How Does it Impact My Small Business?

By now, you might have heard some rumblings online of something called the GDPR. What you might not realize is that if your business has a website, or it uses email marketing, analytics, advertising (like Facebook Pixel), or other third-party tools, you might need to make some changes. Before we go over that, let's dial it back a bit, and start from the beginning.

What is the GDPR?

The GDPR is the General Data Protection Regulation. It enhances data protection for European Union residents and provides a framework to guide business usage of personal data across the EU. 

The GDPR comes into effect May 25, 2018. It was designed to give individuals more control over the use of their personal data. And, as previously mentioned, it doesn't only affect email — it includes monitoring of behaviour, which most websites and apps do automatically.

It includes three main points:

  1. That individuals provide consent for the processing of their personal data, such as their email, phone number, address, and financial info.
  2. That they have a right to have their data erased at any time.
  3. That they will be notified in a timely manner if a data breach occurs.

I don't live in Europe, does the GDPR still impact my small business?

It might! If your business is marketed to European clients, or if your business holds data for individuals living in the EU, you will need to ensure that you are compliant with the GDPR.

What does this really mean?

If you meet any of the following, you need to make changes:

  • Your website is visited by those living in the EU
  • Your email list contains information for individuals living in the EU
  • You otherwise market or advertise to those living in the EU

How do I comply with the GDPR?

There are three fairly simple changes we recommend making. This is regardless of whether or not you offer products or services to anyone in the European Union. We think it's better to be safe (and smart) than sorry!

The first is to add a pop-up to your website. Let your visitors know that your website uses cookies and that if they continue to use your website, they are consenting to your privacy policy. Make sure that your pop-up includes a link to your privacy policy and a continue button.

The second is to update your privacy policy to be GDPR compliant. You are welcome to copy ours, though be mindful of any changes you might need to make to tailor it to your own small business.

The third is to ensure that your email marketing practices are up to date. Ensure that you have double opt-in set up. This means that in order to be fully subscribed, one must confirm that they want to join your email list (usually with a checkbox). They are then sent an email confirming that they wish to subscribe. You also have to ensure that one can unsubscribe within any marketing email, or if they email you, that you will delete them from your list within a reasonable time frame.

What are the consequences of not complying with the GDPR?

Data protection officers are being appointed to oversee compliance in all countries, not just the EU. Those found guilty of non-compliance will face hefty fines.

More serious infringements can result in a fine of the greater of 20 million Euros, or 4% of the total annual worldwide turnover of your business.

Lesser infringements can result in a fine of the greater of 10 million Euros, or 2% of total annual worldwide turnover of your business.

In summary, if there is any chance that visitors from the European Union are interacting with your website, email marketing, or other online service providers, it's best to make sure that you are GDPR compliant.


If you have any questions, or would like our help in ensuring that your website and other properties are GDPR compliant, please leave a comment below or feel free to email us at hello@bartoncreative.co