GDPR – A Glossary of Terms You Should Know

I did a straw poll of some small businesses recently, and it was interesting to find that the majority did not use a Business Plan for planning and forecasting.

It might be the same for you. Maybe you don’t have anything formal; perhaps you jot down your goals and thoughts from month to month (or, week to week)?

If you run your own business, or department within a business, you may wonder if writing a Business Plan is worth the hassle. You understand that it’s important to plan, but you’re not sure you want to spend the time doing it.

If you’ve ever wondered what the point of a Business Plan is, here are 4 reasons you need one today:

It sets out your business intentions

More businesses than you’d think waste time and money pursuing white elephants that have no bearing on their goals and objectives.

With a Business Plan, you’ll get to clarify and specify what you aim to achieve in the coming weeks and months. You can always refer to it when the next shiny object comes along; it will serve as a good way to keep you on track!

It prompts you to think carefully about what your customers need

Entrepreneurs are by nature creative, and left to their own devices, could easily dream up a warehouse full of cutting-edge products and services. But…

…is anyone out there asking for them?

A well-written Business Plan poses the questions of customer demand, and how your products and services meet that demand.

It helps you zero in on your target market

A good Business Plan will contain a section on your target market.

So apart from the obvious bit on just who your product or service is designed for, it will prompt you to analyse and detail things like the current state of the market, how it’s changing, trends and any gaps.

Researching and knowing these things will help you position your proposition, and make the most of any gaps that your competitors are not serving.

It forces you to plan for the money

This is the section of Business Plans that people struggle with most!

It’s also THE most important part.

How else will you know how much you should aim to make as a minimum to cover your costs, and how much cash you must have in the bank each month to keep the business running?

Ignore the finances, and you could end up in dire straits very soon.


And, don’t forget, a Business Plan is a living document! You will get clearer on some of the elements, and you can adjust these to be more specific or realistic as time goes on.

Most business owners and bosses I speak to agree on one thing: having a Business Plan is crucial for goal-setting and the success that comes with it.

When it comes to writing that plan however, I find that actions don’t match the rhetoric!

Writing a Business Plan can appear intimidating, but it isn’t as difficult as you might think. The fear of it can make the task into a monster it’s not!

So, have you ever made these excuses to NOT write a Business Plan?

“I don’t have time”

A common reason used to get out of doing just about anything!

But as the saying goes, if something is important you’ll make time for it.


Besides, this nut doesn’t have to be cracked all in one day. You can purpose to work on one section every 2 – 3 days and at the end of the month, you’ll have your Business Plan!

“I’m not good with numbers”

And my response to that is, who is?

Not many of us can be described as mathematical geniuses, but that doesn’t preclude us from running – and planning for – our successful businesses.

While section headings in the document like “Sales Forecast” and “Projected Cash Flow” may discourage the numerically challenged, taking the time to stop and think about what those words actually mean will remove the dread you feel deep in the pit of your stomach!

For example, “Projected Cash Flow” is simply a summary of how much cash you need to run your business day-to-day, and for your Sales Forecast, put in estimates for what you anticipate your best and worst case scenarios will be in terms of sales (be realistic!). Also, work out the minimum number of units you need to sell to cover your costs.

See? It’s not so scary when you break it down.

“I don’t want to pay someone to do it for me”

Yes, paying for a Business Planning service like ours requires a financial commitment.

You can certainly do it yourself, and my Business Plan template here breaks it down into manageable chunks designed to help and guide you.

But if you can’t dedicate the time or effort needed to do it yourself, is the cost really worth the risk of going from one day to the next without a plan?

“It will change as time goes on, so why bother?”

A Business Plan is a living document, so yes, you will need to keep updating it.

When you plan for months, a year or more in advance, there are conditions and elements that you will become more aware of, things that will happen and need to be fine-tuned in the plan.

That doesn’t mean it’s not a worthwhile exercise. I’ve written about why it’s something you need here.

Do have a read, and let me know if you have any queries.

(If you’re still wondering what the point of having a Business Plan is, have a quick look at this).

(I’ve put together a post explaining what the jargon in a Business Plan means; here it is. Start by reading that; it will help you with this part).

I know this sounds patronising. After all, who knows your business better than you?

I can assure you it isn’t meant to be. The point I’m making is that, as well as giving an overview of your business, you have to be able to articulate things like the main idea behind it, your mission and objectives, and who your main competitors are.

Think about what the market is like, and where it is going

So, what’s the current condition of the market?

Is it growing, fairly stable, or declining?

Are there any notable underlying trends?

What is the demand in the market, and how do your products or services meet that demand?

What’s your Unique Selling Proposition, and are there any gaps in the market which you intend to fill?

Know the audience you are selling to

Which segment of the market have you designed your products and services for?

Women, or men, or both?

Working women, or stay-at-home mothers?

People within a certain age range?

Are they based in cities, suburban or rural areas?

Are they early adopters or technophobes?

What are their problems, and which of these will you solve with your products and services?

These are some of the questions which will frame your offering. And they are crucial, because sometimes it’s easy to forget that our products and services are NOT for us.

They must meet the needs of your target market. Give the people what they want, as they say!

Brainstorm some ideas about how you will price, market and sell your products and services

Take some time to think about your pricing strategy.

Most of the time, people think this involves plucking a price out of the air, but there’s more to it than that!

How much does each unit cost to produce, and what margin will the market tolerate on top of that?

How does that then match your expectations for income and profit?

Then, you need to think about how you want to market and sell products and services. Social media makes advertising and marketing more accessible, but bear in mind that what works for a similar business may not work for yours.

So, do a bit of research, and have some intentions for how you will conduct your sales and marketing campaigns.

How will you measure your success?

“Measure your success” sounds boring, I know!

But if you don’t work out in advance how you’ll do this, how will you know what you’re working towards?

And more importantly, how will you know when it happens?

Take some time to think through the finances

This part is easy to skip, but is probably the most important of all.

You need a certain amount of cash to run your business every month. Sum up your expenses (and don’t forget to include your salary).

What does the total come to?

That’s the amount you need to have available. Not invoiced and waiting to be paid; actual cash in the bank. Anything less, and you immediately have a cash flow problem.

Many a business has been successful on paper and in terms of invoiced amounts, but ended up filing for bankruptcy because it simply couldn’t meet its obligations when they were due.

Another key point to address is the length of time you think it will take to make a profit.

It’s not unusual for some businesses not to make a profit for some months, or even years. As long as you know that upfront and are prepared for it, that’s fine!

But if that’s the case, do you have an idea of what the losses will come to each month? How will this be funded, and how long can you sustain that?

In my experience, people either don’t plan for these scenarios, or are far too optimistic with their figures.

P.S. Where I’ve recommended doing research, please don’t think it has to be onerous.

Ask your family and friends. Use the internet. Create a poll using Surveymonkey or Google Polls. Some professional bodies – such as the Institute of Directors – offer research sessions which you can access as part of their membership. Check with your professional body and see if they can help you do some, maybe they’ve even done something similar already and have some statistics they can share with you!

The deadline to submit your self-assessment tax return is 31 January. With just over two weeks to go, it’s a good time to go over the 5 steps you need to follow to complete your self-assessment tax return.

The purpose of the return is to tell Her Majesty’s Revenue and Customs (HMRC) how much you earned in the last tax year; based on the information you provide, the appropriate income tax you need to pay is calculated.

If you are self-employed – so you don’t earn a salary from which your tax is automatically deducted – or have more than one source of income, this applies to you!

You can either do the return yourself, or hire an accountant to do it for you (check out the ICAEW or ACCA websites to find an accredited professional near you).

If you do decide to do it yourself, there are 5 steps I suggest you follow. Before I tell you what those are, there are a few things you need to know:

·        Tax years in the UK run from 6 April to 5 April, e.g. from 6 April 2016 to 5 April 2017.

·        The deadline to submit your return and pay the tax due is 31 January after the end of the tax year*. Using the example above, the deadline is 31 January 2018.

·        Act NOW if you haven’t already, because late payments attract a penalty! If you suffered from a serious illness, family bereavement or a natural disaster you’ll be given a pass, but forgetting or being away on holiday do not count as reasonable excuses. So don’t put this off any longer!

Check to see if you qualify

You have to complete and submit a tax return if you were self-employed in the last tax year, or earned more than £2,500 in untaxed income.

For example, for landlords with rental properties, or people who rent out rooms in their homes, if the income after expenses is more than £2,500, a tax return must be submitted.

Some of the other criteria to consider are earned interest or dividends more than £10,000.

There’s a full list of these criteria here, and there’s also an online tool where you can confirm if you need to do this

Register with HMRC

If you haven’t filled in a self-assessment tax return before, you’ll need to register with HMRC before beginning the process of filling in the return.

You can do that here

HMRC will send you a Unique Taxpayer Reference – or UTR – which you’ll need when completing the return online.

Collate all the information you’ll need

Before you start filling in the return, I’d recommend you get all your records and information ready.

You’ll be asked to provide details for a whole raft of things which I’ve listed below:

·        The total of what you earned in the year. That includes income from your business and any employment.

·        Any income earned from dividends.

·        Any income earned from rent.

·        Any income earned from business interests you may have outside the UK.

·        Any interest earned on your savings.

·        Any interest you paid on borrowings.

·        Any contributions you made to a pension.

·        Any benefits you received, such as state pension, Child Benefit or unemployment benefit.

·        Any perks you received, such as private healthcare or a car allowance.

·        Any income earned from the sale of property or shares.

·        The sum of any valid business expenses.

Complete the return online

Now, you need to fill in all this information online.

Log into the HMRC system here, and input the relevant information when prompted

You can fill sections in, save, and come back at a later time to complete it, if you need to.

Organise your records

Haven’t been that prepared this year? You can always start now to organise your records, so next year’s return isn’t so tedious! These are some of the documents I’d recommend you start filing.

·        Invoices

·        Payslips

·        Receipts

·        Bank statements

·        Pension statements

·        Benefit documentation

·        P11D expenses and benefits form.

HMRC requires that you keep records for up to 5 years after the deadline.

So even though you’ve completed this year’s return, it’s never too early to get your digital or physical filing in place for next year. I do both for a catch-all approach – you can never be too careful with the taxman!

There is a range of online accounting software you can use to keep track of all these items, and you can also file away hard copies.


And if you get stuck?

HMRC has lots of resources online which you can look through.

And remember, you can appoint a qualified accountant to do this for you.

*The 31 January deadline applies if you do your returns online. You can go old school with your returns if you prefer, but the deadline for paper returns is 3 months earlier in the October.

An effective headshot can give the viewer a sense of who you are more than words can say.

Here, you need to commit to some timelines.

So, remember those objectives you listed above? Break them down even further into tasks, and for each one put down a realistic completion date.

That will make sure your plans are firmly rooted and realistic, as opposed to being pie-in-the-sky aspirations that you have no chance of achieving.

The second Payment Services Directive – also known as PSD2 – becomes UK law on 13 January 2018.

From the name, it’s easy to think it only affects banks.

But hold on! It has implications for you too.

Here’s a summary of what it’s about, and the main ways it will affect you.

So, what’s PSD2?

The first Payment Services Directive (PSD) from 2009 put in place a legal framework for payments and related services across Europe.

It covered the rights and responsibilities of consumers, users and providers of payment services, and ensured that European countries implemented, and were held to, a uniform set of standards.

PSD2 builds on the success of PSD, and at its core wants to increase competition in the industry while reducing the dominance of banks.

Big banks have traditionally held all the aces when it comes to the business of payments, and when you consider the amount of information they hold on their customers – data is big business, just ask Facebook! – there’s been little incentive for them to innovate what they have on offer. Save for a few companies such as PayPal, Apple and Stripe, few have been able to make even the tiniest dent in the banks’ market share.

Why is this a problem, you ask? It means that you as a consumer don’t have much of a choice. When you look at the UK, there are 4 big banks, with VISA and MasterCard being the two dominant payment card schemes. So where do you go for a truly different sort of service?

Why was PSD2 introduced?

PSD2 is set to become law in the European Economic Area (comprising the 28 EU member states, as well as Norway, Iceland and Liechtenstein) on 13 January 2018, and here are some of the reasons the wheels were set in motion:

1.       To encourage new players, especially those that are NOT banks, to get into the business of payments.

2.       To encourage the introduction of new, cutting-edge technology which will revolutionise the way payments happen in Europe.

3.       As a result of increased competition and technology, the expectation is that the cost of payments will fall. A bonus for consumers!

4.       To improve security around payment processes, and the way consumer data is handled.

Who is responsible for PSD2?

PSD2 is a directive issued by the European Commission, which becomes national law on 13 January.


How does PSD2 affect you?

You already have many rights when it comes to protection against misuse of your data, and any potential fraud.

PSD2 takes these even further, by mandating that banks and businesses that process payments use what is referred to as strong customer authentication (SCA) for payments.

This means they have to take significant steps to make sure any payment you make is actually coming from – and authorised by – you.

So if you find you’re asked to verify your identity or payment in a different way, don’t be alarmed. It’s all PSD2-related.

Talking about your data though, in a bid to promote competition and open it up to new organisations, banks could potentially share what they know about you with these new players to the market, who will fall into 2 categories:

Payment Initiation Service Providers, and Account Information Service Providers.

Agreeing to use these services could make your online payments simpler and more seamless, and you’ll be better placed to compare what’s available in the marketplace. It also means you could make a payment directly from your bank account without using a debit or credit card, which could save you any card charges and fees.

Don’t worry, your data won’t be shared without your permission! Banks – who as well as being dominant forces in the landscape, are also the largest repositories of consumer data – are required by PSD2 to share this data when you give your permission, as a way of levelling the playing field.

In preparation for PSD2, your bank will have spent the last few years developing technical integrations to make the data sharing process easier. There’s a whole initiative around this within UK banking called Open Banking, and your bank will have already sent you something that looks like this:


PSD2 is also meant to end a practice that’s been a pain for consumers for a long time.

You know when you go into a shop, or book theatre tickets online, and you’re charged an additional percentage for using your credit card?

That practice – known as surcharging – ends with PSD2.

That’s not to say that shops and retailers will take this lying down; it’s hard to know how they will respond. They might swallow the costs, put their prices up across the board (which would affect ALL buyers, not just those using cards), or offer shoppers an incentive to use different ways to pay.

The jury is still out on this one, so keep your eyes peeled to see what happens when you shop after 13 January!


How does PSD2 affect your business?

PSD2 only affects payment institutions, credit institutions, and electronic money institutions.

If this is not your core business, there is no impact.

The only thing to note is that, if you add a surcharge for credit cards when collecting payments, this practice will no longer be allowed.


Will Brexit affect PSD2?

The UK government has confirmed that PSD2 implementation will not be affected by the process of leaving the European Union.

Since that only takes effect in 2019, PSD2 will be fully implemented and transposed into UK law.

So much content has been produced about GDPR, it can be difficult for readers to make out the wood from the trees.

One of the things about legislation like this, is that it isn’t written in a way that’s clear and easy to understand.

I sometimes wonder if that’s deliberate; the language is intentionally ambiguous, businesses interpret it how they see fit, and then the regulator claims the interpretation isn’t the right one!

There are several terms relating to GDPR which regularly appear whenever it is discussed. To support your understanding of the subject, it helps to get familiar with these terms and what they mean.

To help you do that, here’s a glossary of GDPR terms you should know:


This occurs when Personal Data (see definition below) is changed so that individuals cannot be identified.

That makes it safer for the Data Subject (see definition below) and means the information can be used more widely since the risk of a breach has been reduced.


This refers to the permission which must be sought – and given – to collect and process data.

With GDPR, there must be clear proof of consent provided by a Data Subject.

Data Breach

The common misconception is that data breaches involve the loss of data only.

In reality data breaches happen when a failure in security results in the unintentional or deliberate destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

Under GDPR, Data Processors have to report the breach to their Data Controller as soon as they find out about it, and Data Controllers then have obligations to report this to the Lead Supervisory Authority (see definition below) no later than 72 hours after becoming aware.

Data Controller

This is the organisation that determines the purpose and means for processing Personal Data (see definition below). So if your business collects any sort of data, you’re a Data Controller.

It means you will have to instruct any third party you ask to process data on your behalf, such as a cloud computing provider, and you need to ensure that your contractual arrangements with that third party cover how they process data in a manner that is compliant.

Note that a Data Controller can also be a Data Processor.

Data Processor

This is the organisation responsible for processing data on behalf of a controller.

For example if you use an application like Stripe to accept credit card payments, that application is functioning as a Data Processor on your behalf.

Data Processors have to maintain records of the personal data they hold, and how it is processed.

Data Subject

A Data Subject is the individual or customer whose Personal Data has been collected and processed.

The Data Subject has to provide consent for this to happen, and has Individual Rights pertaining to how his / her data is handled and kept.

Extraterritorial Applicability

You may hear this mentioned about the wider reach of the new regulations.

It refers to the fact that the GDPR is not restricted to businesses which operate within the borders of the EU.

As well as all businesses in the EU, it applies to any businesses that serve or monitor customers resident in the EU, regardless of where those businesses are headquartered or located in the world.

For example, GDPR will apply to companies like Facebook, Amazon Web Services, Microsoft, Salesforce, Trello, Twitter and InfusionSoft, as long as they have EU residents as customers and hold their data.

Supervisory Authority

Each EU country has a regulator overseeing the new GDPR.

In the UK, that is the Information Commissioner’s Office (ICO).

Individual Rights

Data Subjects have 8 Individual Rights, which are:

1. Right to be Informed

Refers to the processing information to be provided by businesses as part of their privacy notification. Encourages Data Controllers to be transparent about how they use the data in their care, and here are details of the information that must be supplied.

2. Right of Access

Refers to the rights individuals have to access their personal data.

This will be requested via a Subject Access Request, and the data is to be provided free of charge.

The data must be provided within a month of receiving the request; there is scope to extend this by a further two months if the requests are many and complex.

3. Right to Rectification

Where personal data is wrong or incomplete, individuals can ask for it to be rectified.

The data must be rectified within a month of receiving the request; there is scope to extend this by a further two months if the request is complex.

4. Right to Erasure

Also known as the Right to be Forgotten, this refers to an individual’s right to ask for their personal data to be deleted.

5. Right to Restrict Processing

Refers to an individual’s right to stop their personal data being processed.

There could be a number of reasons for such a request, such as when the accuracy of the data is in question.

6. Right to Data Portability

Refers to an individual’s right to have their data moved, copied or transferred, typically from one technical system or environment to another.

7. Right to Object

Refers to an individual’s right to object to their personal data being processed and used for direct marketing or research.

Data processing must be stopped once such an objection is received.

8. Rights related to Automated Decision Making

Refers to the provisions for profiling and automated decision-making, such as in the case of loan and credit card applications.

Personal Data

Any data that can be used to identify a Data Subject.

Includes – and is not limited to – information about name, date of birth, address, email address, bank details, medical information, social media posts, and IP addresses.

Privacy by Design

This is an approach that puts data privacy and protection front and centre of a business’s projects, systems and processes. Instead of being an afterthought, which is usually the case, Privacy by Design means organisations make data privacy and protection a priority when designing and planning projects, products, systems and processes.

Special Category Data

This includes details of race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, sex life or sexual orientation.

Special Category Data contains details which are more sensitive than Personal Data, and can only be requested in certain circumstances since they present significant risks to fundamental rights and freedoms.

*Please note that this blog post does not constitute advice on the legalities of GDPR or data protection. It is for awareness and information purposes only; you remain responsible for getting independent advice and ensuring your business complies with the regulation.

  • February 24, 2018
  • GDPR