Remember, people now have to opt-in …

The General Data Protection Regulations (GDPR) come into force in May this year. If you hold data on EU individuals then you have to get their consent to continue to receive your communications …

GDPR is going to have a major effect! Will you be caught out?

copyright: 4p business development

Previously, contact forms could have ticked opt-in fields and data could be held for as long as you liked (such as unsubscribed email addresses so you didn’t add them again). Thanks to GDPR, everything has changed.

GDPR will apply in the UK from May 2018 and replaces the Data Protection Act 1998 (DPA), however:

  • Did you know that the fines could be as much as £10m or 4% of your annual turnover (whichever is the greatest) per incident?

  • Do you believe that because you are a small business that these laws will not apply to you?

  • Will you continue to send out your communication, newsletters and other marketing material without taking the necessary steps?

Obtaining an ‘opt-in’ from the individuals in your database is just one step to protecting yourself.

Should you make the decision to continue sending out emails, mailshots and other communication in the same manner as you have always done, without gaining the individuals specific consent, you may find yourselves receiving a ‘Subject Access Request’ (SAR).

An SAR is a legal inquiry about why you have an individuals information, what you know about them and why you have it. You have to reply in a timely manner and you can’t charge for doing it.

Time is running out! Here are the top 6 things you should be considering immediately:

  1. Put processes in place to ensure that you can demonstrate that the individual consented specifically to your communication (collect signatures through specific Opt-In process)

  2. Where there are multiple matters, ensure that each individual consents specifically for different types of contact

  3. Make it extremely easy for individuals to withdraw their consent

  4. Ensure that all consent is freely given

  5. Ensure that consent is no longer assumed by the provision of a service

  6. That the individual absolutely understands what they are consenting to

For additional guidance, the Information Commissioners Office has published various guidelines and checklists to help you to understand and assess your level of compliance with data protection legislation.

They have created a PDF called ‘GDPR: 12 steps to take now’ which you can download by clicking here and further information for data controllers and data processors can be found here.

After considering all the information I have gleaned over the past few months from numerous seminars and events, I sent out an ‘opt-in’ email request to my database of existing and potential clients that I hold.

To date, I have received a positive response from less than 10% of my list. I will carry out this exercise once or maybe twice more after which time all data of those individuals who have not responded positively, will be removed from my newsletter database.


“How is this going to affect your business and how can you continue to attract new potential clients?”


If you’d like to get more insights about GDPR from my own experiences so far, do call me on 01280 700405 or click here to ping me an email and let’s see how I can help you.

Until next time …




If you’re looking for a partner to help grow your business, visit to discover how 4P Business Development can help you!