7 Myths About GDPR

I did a straw poll of some small businesses recently, and it was interesting to find that the majority did not use a Business Plan for planning and forecasting.

It might be the same for you. Maybe you don’t have anything formal; perhaps you jot down your goals and thoughts from month to month (or, week to week)?

If you run your own business, or department within a business, you may wonder if writing a Business Plan is worth the hassle. You understand that it’s important to plan, but you’re not sure you want to spend the time doing it.

If you’ve ever wondered what the point of a Business Plan is, here are 4 reasons you need one today:

It sets out your business intentions

More businesses than you’d think waste time and money pursuing white elephants that have no bearing on their goals and objectives.

With a Business Plan, you’ll get to clarify and specify what you aim to achieve in the coming weeks and months. You can always refer to it when the next shiny object comes along; it will serve as a good way to keep you on track!

It prompts you to think carefully about what your customers need

Entrepreneurs are by nature creative, and left to their own devices, could easily dream up a warehouse full of cutting-edge products and services. But…

…is anyone out there asking for them?

A well-written Business Plan poses the questions of customer demand, and how your products and services meet that demand.

It helps you zero in on your target market

A good Business Plan will contain a section on your target market.

So apart from the obvious bit on just who your product or service is designed for, it will prompt you to analyse and detail things like the current state of the market, how it’s changing, trends and any gaps.

Researching and knowing these things will help you position your proposition, and make the most of any gaps that your competitors are not serving.

It forces you to plan for the money

This is the section of Business Plans that people struggle with most!

It’s also THE most important part.

How else will you know how much you should aim to make as a minimum to cover your costs, and how much cash you must have in the bank each month to keep the business running?

Ignore the finances, and you could end up in dire straits very soon.


And, don’t forget, a Business Plan is a living document! You will get clearer on some of the elements, and you can adjust these to be more specific or realistic as time goes on.

Most business owners and bosses I speak to agree on one thing: having a Business Plan is crucial for goal-setting and the success that comes with it.

When it comes to writing that plan however, I find that actions don’t match the rhetoric!

Writing a Business Plan can appear intimidating, but it isn’t as difficult as you might think. The fear of it can make the task into a monster it’s not!

So, have you ever made these excuses to NOT write a Business Plan?

“I don’t have time”

A common reason used to get out of doing just about anything!

But as the saying goes, if something is important you’ll make time for it.


Besides, this nut doesn’t have to be cracked all in one day. You can purpose to work on one section every 2 – 3 days and at the end of the month, you’ll have your Business Plan!

“I’m not good with numbers”

And my response to that is, who is?

Not many of us can be described as mathematical geniuses, but that doesn’t preclude us from running – and planning for – our successful businesses.

While section headings in the document like “Sales Forecast” and “Projected Cash Flow” may discourage the numerically challenged, taking the time to stop and think about what those words actually mean will remove the dread you feel deep in the pit of your stomach!

For example, “Projected Cash Flow” is simply a summary of how much cash you need to run your business day-to-day, and for your Sales Forecast, put in estimates for what you anticipate your best and worst case scenarios will be in terms of sales (be realistic!). Also, work out the minimum number of units you need to sell to cover your costs.

See? It’s not so scary when you break it down.

“I don’t want to pay someone to do it for me”

Yes, paying for a Business Planning service like ours requires a financial commitment.

You can certainly do it yourself, and my Business Plan template here breaks it down into manageable chunks designed to help and guide you.

But if you can’t dedicate the time or effort needed to do it yourself, is the cost really worth the risk of going from one day to the next without a plan?

“It will change as time goes on, so why bother?”

A Business Plan is a living document, so yes, you will need to keep updating it.

When you plan for months, a year or more in advance, there are conditions and elements that you will become more aware of, things that will happen and need to be fine-tuned in the plan.

That doesn’t mean it’s not a worthwhile exercise. I’ve written about why it’s something you need here.

Do have a read, and let me know if you have any queries.

(If you’re still wondering what the point of having a Business Plan is, have a quick look at this).

(I’ve put together a post explaining what the jargon in a Business Plan means; here it is. Start by reading that; it will help you with this part).

I know this sounds patronising. After all, who knows your business better than you?

I can assure you it isn’t meant to be. The point I’m making is that, as well as giving an overview of your business, you have to be able to articulate things like the main idea behind it, your mission and objectives, and who your main competitors are.

Think about what the market is like, and where it is going

So, what’s the current condition of the market?

Is it growing, fairly stable, or declining?

Are there any notable underlying trends?

What is the demand in the market, and how do your products or services meet that demand?

What’s your Unique Selling Proposition, and are there any gaps in the market which you intend to fill?

Know the audience you are selling to

Which segment of the market have you designed your products and services for?

Women, or men, or both?

Working women, or stay-at-home mothers?

People within a certain age range?

Are they based in cities, suburban or rural areas?

Are they early adopters or technophobes?

What are their problems, and which of these will you solve with your products and services?

These are some of the questions which will frame your offering. And they are crucial, because sometimes it’s easy to forget that our products and services are NOT for us.

They must meet the needs of your target market. Give the people what they want, as they say!

Brainstorm some ideas about how you will price, market and sell your products and services

Take some time to think about your pricing strategy.

Most of the time, people think this involves plucking a price out of the air, but there’s more to it than that!

How much does each unit cost to produce, and what margin will the market tolerate on top of that?

How does that then match your expectations for income and profit?

Then, you need to think about how you want to market and sell products and services. Social media makes advertising and marketing more accessible, but bear in mind that what works for a similar business may not work for yours.

So, do a bit of research, and have some intentions for how you will conduct your sales and marketing campaigns.

How will you measure your success?

“Measure your success” sounds boring, I know!

But if you don’t work out in advance how you’ll do this, how will you know what you’re working towards?

And more importantly, how will you know when it happens?

Take some time to think through the finances

This part is easy to skip, but is probably the most important of all.

You need a certain amount of cash to run your business every month. Sum up your expenses (and don’t forget to include your salary).

What does the total come to?

That’s the amount you need to have available. Not invoiced and waiting to be paid; actual cash in the bank. Anything less, and you immediately have a cash flow problem.

Many a business has been successful on paper and in terms of invoiced amounts, but ended up filing for bankruptcy because it simply couldn’t meet its obligations when they were due.

Another key point to address is the length of time you think it will take to make a profit.

It’s not unusual for some businesses not to make a profit for some months, or even years. As long as you know that upfront and are prepared for it, that’s fine!

But if that’s the case, do you have an idea of what the losses will come to each month? How will this be funded, and how long can you sustain that?

In my experience, people either don’t plan for these scenarios, or are far too optimistic with their figures.

P.S. Where I’ve recommended doing research, please don’t think it has to be onerous.

Ask your family and friends. Use the internet. Create a poll using SurveyMonkey or Google Polls. Some professional bodies – such as the Institute of Directors – offer research sessions which you can access as part of their membership. Check with your professional body and see if they can help you do some; maybe they’ve even done something similar already and have some statistics they can share with you!

The deadline to submit your self-assessment tax return is 31 January. With just over two weeks to go, it’s a good time to go over the 5 steps you need to follow to complete your self-assessment tax return.

The purpose of the return is to tell Her Majesty’s Revenue and Customs (HMRC) how much you earned in the last tax year; based on the information you provide, the appropriate income tax you need to pay is calculated.

If you are self-employed – so you don’t earn a salary from which your tax is automatically deducted – or have more than one source of income, this applies to you!

You can either do the return yourself, or hire an accountant to do it for you (check out the ICAEW or ACCA websites to find an accredited professional near you).

If you do decide to do it yourself, there are 5 steps I suggest you follow. Before I tell you what those are, there are a few things you need to know:

  • Tax years in the UK run from 6 April to 5 April, e.g. from 6 April 2016 to 5 April 2017.
  • The deadline to submit your return and pay the tax due is 31 January after the end of the tax year*. Using the example above, the deadline is 31 January 2018.
  • Act NOW if you haven’t already, because late payments attract a penalty! If you suffered from a serious illness, family bereavement or a natural disaster you’ll be given a pass, but forgetting or being away on holiday do not count as reasonable excuses. So don’t put this off any longer!

Check to see if you qualify

You have to complete and submit a tax return if you were self-employed in the last tax year, or earned more than £2,500 in untaxed income.

For example, for landlords with rental properties, or people who rent out rooms in their homes, if the income after expenses is more than £2,500, a tax return must be submitted.

Some of the other criteria to consider are earned interest or dividends of more than £10,000.

There’s a full list of these criteria here https://www.gov.uk/self-assessment-tax-returns/who-must-send-a-tax-return, and there’s also an online tool where you can confirm if you need to do this https://www.gov.uk/check-if-you-need-a-tax-return

Register with HMRC

If you haven’t filled in a self-assessment tax return before, you’ll need to register with HMRC before beginning the process of filling in the return.

You can do that here https://www.gov.uk/log-in-file-self-assessment-tax-return/register-if-youre-self-employed

HMRC will send you a Unique Taxpayer Reference – or UTR – which you’ll need when completing the return online.

Collate all the information you’ll need

Before you start filling in the return, I’d recommend you get all your records and information ready.

You’ll be asked to provide details for a whole raft of things which I’ve listed below:

  • The total of what you earned in the year. That includes income from your business and any employment.
  • Any income earned from dividends.
  • Any income earned from rent.
  • Any income earned from business interests you may have outside the UK.
  • Any interest earned on your savings.
  • Any interest you paid on borrowings.
  • Any contributions you made to a pension.
  • Any benefits you received, such as state pension, Child Benefit or unemployment benefit.
  • Any perks you received, such as private healthcare or a car allowance.
  • Any income earned from the sale of property or shares.
  • The sum of any valid business expenses.

Complete the return online

Now, you need to fill in all this information online.

Log into the HMRC system here, and input the relevant information when prompted https://www.gov.uk/log-in-file-self-assessment-tax-return/sign-in/prove-identity

You can fill sections in, save, and come back at a later time to complete it, if you need to.

Organise your records

Haven’t been that prepared this year? You can always start now to organise your records, so next year’s return isn’t so tedious! These are some of the documents I’d recommend you start filing.

  • Invoices
  • Payslips
  • Receipts
  • Bank statements
  • Pension statements
  • Benefit documentation
  • P11D expenses and benefits form.

HMRC requires that you keep records for up to 5 years after the deadline.

So even though you’ve completed this year’s return, it’s never too early to get your digital or physical filing in place for next year. I do both for a catch-all approach – you can never be too careful with the taxman!

There is a range of online accounting software you can use to keep track of all these items, and you can also file away hard copies.


And if you get stuck?

HMRC has lots of resources online https://www.gov.uk/topic/personal-tax/self-assessment which you can look through.

And remember, you can appoint a qualified accountant to do this for you.

*The 31 January deadline applies if you do your returns online. You can go old school with your returns if you prefer, but the deadline for paper returns is 3 months earlier, in October.

An effective headshot can give the viewer a sense of who you are more than words can say.

Here, you need to commit to some timelines.

So, remember those objectives you listed above? Break them down even further into tasks, and for each one put down a realistic completion date.

That will make sure your plans are firmly rooted and realistic, as opposed to being pie-in-the-sky aspirations that you have no chance of achieving.

The second Payment Services Directive – also known as PSD2 – becomes UK law on 13 January 2018.

From the name, it’s easy to think it only affects banks.

But hold on! It has implications for you too.

Here’s a summary of what it’s about, and the main ways it will affect you.

So, what’s PSD2?

The first Payment Services Directive (PSD) from 2009 put in place a legal framework for payments and related services across Europe.

It covered the rights and responsibilities of consumers, users and providers of payment services, and ensured that European countries implemented, and were held to, a uniform set of standards.

PSD2 builds on the success of PSD, and at its core wants to increase competition in the industry while reducing the dominance of banks.

Big banks have traditionally held all the aces when it comes to the business of payments, and when you consider the amount of information they hold on their customers – data is big business, just ask Facebook! – there’s been little incentive for them to innovate what they have on offer. Save for a few companies such as PayPal, Apple and Stripe, few have been able to make even the tiniest dent in the banks’ market share.

Why is this a problem, you ask? It means that you as a consumer don’t have much of a choice. When you look at the UK, there are 4 big banks, with VISA and MasterCard being the two dominant payment card schemes. So where do you go for a truly different sort of service?

Why was PSD2 introduced?

PSD2 is set to become law in the European Economic Area (comprising the 28 EU member states, as well as Norway, Iceland and Liechtenstein) on 13 January 2018, and here are some of the reasons the wheels were set in motion:

1. To encourage new players, especially those that are NOT banks, to get into the business of payments.

2. To encourage the introduction of new, cutting-edge technology which will revolutionise the way payments happen in Europe.

3. As a result of increased competition and technology, the expectation is that the cost of payments will fall. A bonus for consumers!

4. To improve security around payment processes, and the way consumer data is handled.

Who is responsible for PSD2?

PSD2 is a directive issued by the European Commission, which becomes national law on 13 January.


How does PSD2 affect you?

You already have many rights when it comes to protection against misuse of your data, and any potential fraud.

PSD2 takes these even further, by mandating that banks and businesses that process payments use what is referred to as strong customer authentication (SCA) for payments.

This means they have to take significant steps to make sure any payment you make is actually coming from – and authorised by – you.

So if you find you’re asked to verify your identity or payment in a different way, don’t be alarmed. It’s all PSD2-related.

Talking about your data though, in a bid to promote competition and open it up to new organisations, banks could potentially share what they know about you with these new players to the market, who will fall into 2 categories:

Payment Initiation Service Providers, and Account Information Service Providers.

Agreeing to use these services could make your online payments simpler and more seamless, and you’ll be better placed to compare what’s available in the marketplace. It also means you could make a payment directly from your bank account without using a debit or credit card, which could save you any card charges and fees.

Don’t worry, your data won’t be shared without your permission! Banks – who as well as being dominant forces in the landscape, are also the largest repositories of consumer data – are required by PSD2 to share this data when you give your permission, as a way of levelling the playing field.

In preparation for PSD2, your bank will have spent the last few years developing technical integrations to make the data sharing process easier. There’s a whole initiative around this within UK banking called Open Banking, and your bank will have already sent you something that looks like this:


PSD2 is also meant to end a practice that’s been a pain for consumers for a long time.

You know when you go into a shop, or book theatre tickets online, and you’re charged an additional percentage for using your credit card?

That practice – known as surcharging – ends with PSD2.

That’s not to say that shops and retailers will take this lying down; it’s hard to know how they will respond. They might swallow the costs, put their prices up across the board (which would affect ALL buyers, not just those using cards), or offer shoppers an incentive to use different ways to pay.

The jury is still out on this one, so keep your eyes peeled to see what happens when you shop after 13 January!


How does PSD2 affect your business?

PSD2 only affects payment institutions, credit institutions, and electronic money institutions.

If this is not your core business, there is no impact.

The only thing to note is that, if you add a surcharge for credit cards when collecting payments, this practice will no longer be allowed.


Will Brexit affect PSD2?

The UK government has confirmed that PSD2 implementation will not be affected by the process of leaving the European Union.

Since that only takes effect in 2019, PSD2 will be fully implemented and transposed into UK law.

One of the main things I dislike about EU legislation – and the new General Data Protection Regulation is no exception – is the way it is written.

Documents are lengthy, and the language is technical, vague and unwieldy.

Even lawyers complain that interpreting it is a herculean task, and this is even when one has the resources to hire teams dedicated to doing this and not much else!

Determining what the regulations ACTUALLY say is left to the general populace, and a consequence is that an entire industry has emerged around the GDPR.

Much has been written on the subject; some of which makes sense.

And the rest? Not so much.

While I’m aware of the irony of contributing yet another article to the Data Protection universe, I wanted to dispel these 7 myths about the GDPR:

My business is small, GDPR doesn’t apply to me

This myth is quite common among small businesses, the misconception being that their company size or number of employees has any kind of bearing on whether this is relevant.

The qualifying criteria have nothing to do with whether you are a solopreneur, or have just one employee. A couple of questions you have to ask yourself are:

  • Do you collect or use data that can be used to identify an individual? Bear in mind that this data could relate to an employee, freelancer or contractor, supplier, or client. In case you’re wondering what kind of data could identify an individual, think email addresses, names, dates of birth, and even a computer’s IP address.
  • Do you work with data that can be considered sensitive? So, information on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sex life. Genetic and biometric data also counts as sensitive (or special category, to use the correct GDPR term).

If the answer to (either or both) of these questions is “Yes”, then the GDPR applies to you. To be fair, there aren’t many businesses it wouldn’t apply to!

The supervisory authority in the UK – the Information Commissioner’s Office – has a simple assessment tool you can use to check if the new law applies to your business.

The authorities will never come after me

I routinely hear people say, “The regulator won’t come after us; we’re too small. They just don’t have the resources to police this; they’ll go after the big boys first.”

By all means take a risk-based decision on whether this is something to comply with in your business. But while the comment about resources may have some truth in it, it’s important to understand that getting on the regulator’s radar isn’t just a function of how big your company is.

If several of your clients complain to the ICO about data misuse or other non-compliance, that will certainly get you noticed, regardless of whether you’re a multinational or a freelancer from a co-working space.

Processing personal data without consent, or not acting on a request relating to the individual rights are examples of scenarios where your customers could complain to the ICO, so it’s important to get familiar with what constitutes personal data, what personal data you hold, why you need to hold it, how you store it, what the individual rights are, and how you would respond to customer requests.

My business is not based in the EU, so it doesn’t concern me

One of the aspects of the GDPR is its extraterritorial reach.

Which means it’s not restricted to businesses which operate within the EU!

As well as all businesses in the EU, it applies to any businesses that serve or monitor customers resident in the EU, regardless of where those businesses are headquartered or located in the world.

So, companies like Facebook, Amazon, Google, Salesforce and InfusionSoft are bound by the GDPR and have to comply with it, since they serve and hold data on EU customers.

Now, how the EU will enforce the GDPR in cases of non-compliance on international companies is a different story; one for another day perhaps…

As long as I present subscribers to my email list with a double opt-in, I’ll be compliant

GDPR has been every marketer’s nightmare.

Their databases have taken months and years to build and are considered the lifeblood of their businesses, as it means they have a list of contacts who are “warm” (i.e. they are familiar with the product or service they provide and have at some point expressed an interest in it), who they can keep informed by way of regular updates, and can sell to when new things are added to the product range.

The issue is that most (if not all) of those contact details cannot be proved to have been sourced in ways that are considered GDPR-compliant, and so businesses are having to seek the consent of those whose details they hold.

I’m sure your inbox has been flooded by similar requests; I’ve had emails from companies I haven’t even heard of, asking if I want to continue hearing from them!

The key to this is that customers have to actively opt in. This means there can be no pre-ticked boxes, and the onus cannot be on the customer to opt out.

The problem this presents for marketers is that many people are choosing NOT to opt back in to many databases; anecdotal evidence suggests that less than 20% of contacts on their databases are doing so!

The point is that some contacts previously got on databases and distribution lists by means of a double opt-in, which is where you might input your email address to get access to a free gift (such as a checklist, pdf, white paper, etc.) – this is the first opt-in.

The business offering the gift emails you asking you to confirm that you really want the gift – this is the second opt-in.

However with the GDPR, opting in to a distribution list must be explicit and not linked to any other communication or offer, which means the double opt-in as it was previously used in conjunction with free gifts and offers, no longer suffices.

Individuals must clearly understand that they are agreeing to be on your distribution list, and you must be able to evidence that, if it is ever required.

I use other software and systems, but it’s up to THEM to be GDPR compliant

It is, but since they are working on your behalf, you have the overall responsibility to ensure they are compliant before they process any data on your behalf.

I’ll give you an example. Say I use Office 365 software on my laptop, and as part of my client work, I process their data via Outlook, Excel and PowerPoint, which are all Office 365 applications.

The onus is on me to ensure that Microsoft is adhering to the GDPR.

The way to do this is to ask your software supplier what they have done to achieve compliance, or ask them for a Data Processing Addendum to your existing contract (in this scenario, they are acting as a Data Processor on your behalf, and you are the Data Controller; I’ve explained what these terms mean here).

You will find that larger companies like Microsoft have a standard one which they will have sent out to users of their software – or it will be on their website.

If you do not get a satisfactory response from a vendor or supplier, and are not convinced of their approach to GDPR, you may want to consider the merits of continuing to give them your custom, as their non-compliance could compromise your business.

Since my business is based in the UK, Brexit means I don’t have to comply with GDPR

Even though the United Kingdom is due to exit the European Union in 2019, the government has confirmed that the GDPR will still apply.

The ICO is the UK’s supervisory authority, and has been advertising the incoming regulation for the past few months.

So sorry folks, this is one you still need to comply with, regardless of Brexit!

Once I comply by 25 May 2018, my job in terms of data protection is done!

The enforcement deadline is 25 May 2018, but that doesn’t mean your responsibility for data protection ends there. Compliance is something you’ll need to continue to execute and monitor, so unfortunately, this isn’t something that’s a one-off.

Your databases, records, processes must be living documents, and training will need to continue to ensure that standards are maintained.

*Please note that this does not constitute advice on the legalities of GDPR or data protection. This blog post is for the purposes of awareness and information only; you remain responsible for getting independent advice and ensuring your business complies with the regulation.

  • May 21, 2018
  • GDPR