The impending General Data Protection Regulation, which comes into force on 25 May, presents one of the most challenging overhauls that many marketers will have ever faced. Nowhere is that truer than in small businesses.

While a lack of awareness and resources is putting many SMEs in danger of being on the wrong side of the law, those that have taken proactive steps with appropriate advice could even be able to teach larger companies some lessons. The simplicity of their approaches and the benefits some are already seeing in terms of customer engagement could represent in microcosm how bigger brands should address the task of compliance.

Research from the Federation of Small Businesses (FSB) suggests most SMEs are cutting it fine when it comes to meeting the deadline, however. In late February 2018, three months from the enforcement date, it found 90% of small firms were still not fully prepared, while a third hadn’t even begun preparing and 35% were only in the very early stages.

“The GDPR is the biggest shake-up in data protection to date and many small businesses will be concerned that the changes will be too much to handle. It’s clear that a large part of the small business community is still unaware of the steps that they need to take to comply and may be left playing catch-up,” says Mike Cherry, FSB National Chairman.

Many small businesses still unaware

“I only really thought about GDPR when you called up to talk to me about it,” says Chris Bingham, founder and owner of Berkshire-based beer company, Binghams. “But I think I might also have had an email from Her Majesty’s Government about it so it is on my radar.”

The brewery sells direct to customers from its HQ on the outskirts of Reading, as well as supplying a number of independent pubs, restaurants and local supermarkets.

“Our main customer database is made up of the emails from our brewery club and then the B2B side for talking to publicans. We run everything on mailchimp and there is an unsubscribe function,” he adds.

Bingham is the first to admit that he hasn’t really considered the implications of GDPR until very recently and is actively seeking information. Like many SMEs however, he feels he’s lacking guidance on where to find it.

“I would probably Google and then go to the Information Commissioner’s website to see if they have anything sensible on it. I’m also a member of FSB so that’s a three-pronged attack.”

Many SMEs will be relying on partners such as their agencies and law firms for GDPR guidance. “We were alerted to the whole thing by our digital marketing agency because, up to that point, we didn’t know anything about it,” claims Jo Bausor, head of marketing for the Henley Festival. “We felt it hadn’t been communicated about by anyone [else].”

The number of people we’ve been emailing has reduced massively but the engagement is better.

Miles Thorp, Banana Moon

A five-day international music and arts event, the Henley Festival entertains a 30,000-strong audience annually. It is in its 36th year and has a number of regular attendees as well as first-timers, so its customer database is wide-ranging.

Bausor notes the process it undertook to address GDPR compliance was relatively simple. All…