We’ve written – a bit late sorry – some guidance on the website of our daughter company YogaTax around GDPR and Data Protection, in light of the new rules from 25 May 2018. Although written with Yoga Teachers in mind, its probably of general small business relevance.
Please remember we are accountants and business advisers, not Privacy Lawyers, and this content is our practical interpretation of the law – our MD Jessica runs a small yoga business, and this guidance is based loosely on what she has done.
In all honesty, although its fashionable, you probably don’t need to be sending blanket emails to all your contacts asking them to resubscribe or opt in, unless your mailing list was acquired through nefarious means – in which case data protection probably isn’t really troubling you (although it should).
You probably do need a Privacy Statement on your website, and to spend a bit of time auditing the classes of data you have.