How can small businesses overcome the GDPR challenge?

GDPRGDPR is coming into effect in just over a month. How can small businesses gear up for the challenge ahead?

What is the General Data Protection Regulation and what does it mean?

By now, you probably know know that the regulation comes into force on 25 May. It’s designed to improve the way firms use individuals’ data, and sets out new, more prescriptive rules, which mean that firms need to upgrade the ways they process data.

When it comes into effect, it will fundamentally impact your marketing, client management and sales processes; it’s been suggested that it will be a bigger compliance challenge than MiFID II.

We’ve already explored how to avoid some potential GDPR pitfalls in your marketing and looked at the implications from the perspective of regulated firms. Here we look at some of the particular challenges for SMEs.

How are small businesses approaching GDPR?

For smaller firms, which may not have the budget or resource of their larger peers, compliance with any new legislation can be a particular headache.

If you work for an SME, you probably don’t have spare people in-house to work on GDPR-related projects. Nor are you likely to have lots of money to get external experts to help.

Research from the Federation of Small Businesses (FSB), quoted in a recent Marketing Week article found that in late February 2018, three months from the enforcement date, 90% of small firms were still not fully prepared. A third had not started preparing and a further 35% were only in the very early stages.

Quoted in the article, Mike Cherry, FSB National Chairman, said that ‘It’s clear that a large part of the small business community is still unaware of the steps that they need to take to comply and may be left playing catch-up’.

What problems are SMEs facing on GDPR?

1.  Knowing where to go for information and advice

            One of the businesses interviewed in the article, a marketing manager for a brewing firm, is ‘actively seeking information’, but ‘feels he’s lacking guidance              on where to find it’.

            The Information Commissioner’s Office (ICO) website is a good place to find up to date information. The ICO has published a series of myth-busting blogs              – you can read summaries of these in GDPR – sorting the myths from the reality and How to separate GDPR compliance myths from reality.

            You can also visit the ICO’s own microsite, which provides another good source of information, with downloadable tools. The What’s new page gives a     
            summary of developments by date.

2.  Lack of resource

            Smaller firms mean fewer people – obviously. Which means you have less resource to tackle ‘extras’ like new legislation. GDPR will mean increased       
            responsibility – not just in the run up to May 25th, but ongoing. Find out what efficiencies you may need to make to counteract this additional work.

            As well as meaning a lack of resource to tackle GDPR, fewer people can also mean firms are more likely to handle data incorrectly. Small firms see people
            doing multiple roles – which means that data processing could be done by any number of individuals. This makes enforcing any new rules harder.

            While this lack of control over marketing isn’t confined to smaller businesses, it can be exacerbated in them. Read more about how to identify whether     
            your marketing is out of control, and what to do about it
.

3.  Time to tackle the new rules

            The lack of people, and the multiple hats your people wear, mean you are limited on time. This can mean you depend more on outside help: as the 
            Marketing Week article says, ‘Many SMEs will be relying on partners such as their agencies and law firms for GDPR guidance’.

            Delegating to outside partners may be the best GDPR route for your firm. If so, and you’re regulated by the FCA, just make sure you comply with the   
            regulator’s rules on outsourcing.

            Also, look to see how you can save time in other ways. We’ve mentioned some of the efficiencies you can make to counteract the impact of GDPR. Explore   
            too the ways you can make your review and approvals process more efficient, to save you time and get materials to market faster.

The upsides of GDPR

Of course, the new rules aren’t just a burden. They also have the scope to streamline and fine-tune your approach to marketing.

Your mailing list may be smaller, but the people on it are likely to be more interested in what you’re sending them – they’ve chosen to receive it, after all.

Capitalise on this by making sure you give them content that will engage them. Read more about what the most effective marketing content is, and how you can use it and how to maximise engagement with your content marketing.

It may also, by necessity, widen the channels you use. It’s predicted that GDPR will increase the use of social media, as way of circumventing the new data rules. Find out how else your marketing might change under GDPR.

The world after 25 May 

And of course the impact of GDPR doesn’t end with the 25 May implementation date. There will be ongoing work to make sure you remain compliant, and longer-terms changes to your marketing strategy to adapt to this new world.

The GDPR is just another new challenge for marketers already grappling with reams of legislation and best practice guidelines.

If you want to read more about how the marketing manager role is changing, and what you can do to make sure you respond, download a copy of our whitepaper, The changing role of the Marketing Manager. It’s free, and you can get your copy here.

Nothing in this document should be treated as an authoritative statement of the law. Action should not be taken as a result of this document alone. We make no warranty and accept no responsibility for consequences arising from relying on this document.

New Call-to-action