GDPR has had a profound impact on the customer databases of a lot of small businesses.

Lindsey Roberts is GDPR project manager at Visualsoft, an e-commerce digital marketing agency. She talks about the effects of GDPR on small businesses and what you can do to make the new rules work for you.

The best companies were prepared

The effect of GDPR on any small business has a direct correlation to how well they prepared for the change. For those who sent information requests to customers well in advance of the regulation’s enforcement, databases should have remained strong.

Of course, they may have depleted due to individuals unsubscribing from communications – but this means that remaining subscribers are more likely to be more engaged and a better target for promotional material.

“Remaining subscribers are more likely to be more engaged and a better target for promotional material”

Removing stagnant contacts, that had little or no impact on the company’s revenue pre-regulation, allows businesses to focus on tailoring their products and content to those individuals that will continue to make purchases with them post-GDPR.

How do small businesses feel about the new rules?

Many of the businesses we work with are looking at this positively. For those that successfully adapted their processes to GDPR, the regulation is perceived as a positive enforcement.

Not only is it boosting customer conversion rates due to more targeted pools of data, it is also increasing brand trust by highlighting which companies are GDPR-compliant and – by extension – displays to customers that their data will be safe with that business.

Nevertheless, becoming GDPR-compliant has been a drain on resources in terms of finance and time. For new start-ups, this has been particularly difficult. They’ve been forced to spend the little spare capital they have on compliance strategies to avoid getting stung by even more costly penalties.

Adapting to change

GDPR states that consent for the storage and use of personal data must be specific, informed, unambiguous and freely given by users.

So, businesses have had to thoroughly assess all aspects of their sign-up processes to adhere to these requirements. This has involved clearly outlining how people’s information will be used, avoiding pre-ticked sign-up boxes and making the option to unsubscribe simple and easy.

However, while the majority of businesses have adapted to this post-regulation landscape, 37 per cent of organisations are still not fully compliant. In many cases, this can be put down to a general lack of understanding around how to alter business processes to adhere with the new regulation.

However, given the harsh penalties company’s face for non-compliance, they need to act fast to rectify any outstanding issues to ensure they avoid persecution.

Succeeding in the post-GDPR world

The biggest post-regulation success stories will be organisations that strike the perfect balance between maintaining high levels of transparency around customer data collection, while also finding new innovative ways of growing their databases.

A couple of effective ways of doing this are through email marketing and website optimisation. In terms of websites, it is beneficial to give subscribers the opportunity to sign up at any data collection point: checkout processes, contact us forms, stock notifications, and so on.

For email marketing, personalised welcome emails help customers feel special and are a great way of maximising returning custom. Transactional emails, on the other hand, are a very cost-effective way of driving subscription rates. By including information and a link to subscribe in order confirmation, basket abandon and stock notification emails, businesses can expect to boost subscriptions.

Retention is also a major key to succeeding post-GDPR. Audience segmentation is a great way of maintaining retention levels as it is an effective way of identifying which customers respond best to particular methods of communication. This helps avoid spamming them with information they are uninterested in and prevents disengaging customers.

What the small business owners think

We chat to two entrepreneurs who have very different feelings about GDPR.

Rachel Craft, marketing manager of Regency Factors, says that the company’s customer database has been depleted by GDPR.

I didn’t find becoming GDPR-compliant particularly easy. I have attended courses to ensure that we are compliant to the best of our ability but there are some questions that are yet to be answered.  I have had to rethink our marketing strategy ‘on the fly’ as information has not been easy to come by that is not full of legalese, making it difficult to plan for 2018.

It has completely decimated our database. We used to have a good readership of our weekly emails, but hardly any of these readers signed up to our GDPR-compliant email list. It has dropped by over 90 per cent.

I built a website for users to sign up with, which was sent out with our weekly emails for three months beforehand.  We also confirm permission at face-to-face meetings we may hold within the sales and marketing departments.

“It has been a huge inconvenience with absolutely no benefits whatsoever”

We have signed up for a system that will allow us to focus our efforts more that does not include emails, focusing on post instead. We are planning a cold calling campaign over the next few months based on this database filtering. We can identify which businesses are on the Telephone Preference Service so will not call them.

I don’t see any benefits in GDPR. The number of emails I receive personally has not dropped, and I was not asked by many of these senders to sign back up. I choose what I want to read and those that I don’t read get deleted. On a personal level, it hasn’t changed anything for me.

Business-wise, it has been a huge inconvenience with absolutely no benefits whatsoever.

Melanie Harwood, CEO and co-founder of Harwood Education as well as Start-Bee Handwriting and GiveForward.Education, talks about how she used GDPR rules to her companies’ advantage.

At first, we were like rabbits in the headlights. But as we set out a GDPR compliance strategy, it became clear to our team that we could and would survive the process.

It was an almost cathartic experience. But when we spoke with other businesses and schools, they did not find the experience as liberating as we did. Perhaps it was just the ticket we were after to make a major change in the way we did things?

But we were not afraid of it at all and even when we attended the free training on GDPR which was set up by our local Chamber of Commerce, we quickly realised it was a blessing in disguise.

We dumped our entire customer database. Deleted, removed and gone!

Starting again

It was a database which had taken us a little over seven years to build up and had cost us many thousands of pounds in the early stages of our business development to hone. We decided to start from scratch.

We no longer subscribe to a costly school mailing product because we felt that we should draw a line in the sand and build up a new contacts list in a far more innovative and effective way while incorporating GDPR within all our processes.

We have also breathed a huge sigh of relief that our streaming platform and learning management system (LMS) are our very own. If it were a third party LMS then how could we be sure that our customers’ details would not be used by other parties?

Communicating clearly with all our registered users about the usage of their data once they register on our Start-Bee streaming platform and LMS was key.

We have also spoken with as many of our registered users/schools as possible to find out if we need to be doing anything specific to align with their GDPR compliance.  It has been interesting to listen to the feedback from headteachers as to the added workload that GDPR compliance has created for their teams.

There were upgrades we had planned to build into our LMS and streaming platform but after looking into the GDPR rules, we simply wrote those off and returned to the drawing board.

Training for schools

We embarked on a training drive in all of our Start-Bee-registered schools and trained up their literacy teams to deliver the Handwriting Match Fit Assessment themselves. That way, we would never hold any of their pupils’ data on our systems and our platform.

It made sense for each school to have its very own handwriting specialist teacher and the timing was perfect as it became a smooth transition which handed all the power across to the schools themselves.

It was a swift kick for us that gave us a new direction for our business. We cleared out the old sales processes and invested in new systems that were all GDPR-compliant and far more efficient.

We have saved thousands on our monthly marketing and sales bills too. We signed an exclusivity deal with one company and they now sell the Start-Bee handwriting programmes and products exclusively to schools throughout the UK.

Their sales team have that one-to-one communication with the headteachers of each school and they have extremely robust processes and procedures in place themselves, to ensure they are GDPR-compliant.

“It was a swift kick that gave us a new direction for our business”

GDPR forced us to get back to the very reason why we created our Start-Bee handwriting scheme in the first instance. We didn’t want to hang on to the children’s nor the teachers’ data.

If GDPR had not been enforced when it was, we would probably not have innovated and shifted gear in a more positive direction. It has been a game changer for us because it demanded a clarity of thinking and a change in our processes within an extremely short turnaround.