Privacy Tips for Small Businesses
Very few SMEs can escape the growing influence of digital technology. That’s because it’s becoming more of a part of our daily lives in every conceivable way. Due to the way customers prefer to shop, learn about products, and communicate, businesses today are posed challenges such as:
- Developing and improving their e-commerce platforms
- Engaging with new and existing audiences via social media
- Tracking how customers use their websites via Google Analytics
- Attributing sales through digital marketing channels
With the wealth of data being produced as a direct result of this online activity, SMEs must embrace the opportunity associated with interpreting that data and take responsibility for how it is handled.
That’s exactly why we’ve produced this quick article to help SMEs get to grips with managing data and maintaining customer privacy.
1. Build a privacy policy
The first step in the privacy journey for any business should be to establish a privacy policy. This policy needs to outline your companies’ core values and approach when it comes to handling data. Your policy should progress from outlining your values to describing the concrete actions you’ll take to protect data.
2. Learn about the UK’s privacy laws
Privacy laws have been around for a while, and there are a few different organisations responsible for keeping these laws updated. Here are the key players to be aware of:
The UK Government
The Data Protection Act (2018) restricts how businesses, organisations, and even the government itself can use your personal information. It ensures that any data used by these entities is used for specific purposes, is relevant, and is processed and used lawfully – with principles such as:
- Lawfulness.
- Fairness.
- Transparency.
- Purpose limitation.
- Data minimisation.
- Accuracy.
- Storage limitation.
- Integrity.
- Confidentiality.
- Accountability.
The law sets out data subjects’ rights, as well as providing additional controls where processing involves special categories of data such as health data.
As an SME owner, you should be able to tell your customers exactly what data you’ll be collecting and how you intend to use it. This is known as a ‘privacy notice’, and it is an important part of the fairness and transparency requirements under UK legislation.
The Information Commissioner’s Office
Also known as the ‘ICO’, this organisation produces helpful guides to help business owners get to grips with the fundamental concepts behind privacy laws. It also provides some free practical guides on how to implement them.
Probably the best-known example of a pressing data protection law that companies have recently had to adapt to is the General Data Protection Regulation, which was introduced in 2018 and was incorporated into UK Law on Brexit. The resulting legislation is now referred to as the UKGDPR. In this instance, the ICO worked to produce guides intended to help businesses understand why GDPR laws were put in place, and what exactly they mean for business’ day-to-day operations.
GDPR laws have not been removed following the UK’s exit the from EU, instead they continue to apply and are pending a review by the UK government. Naturally, that review was postponed by the coronavirus pandemic, so it’s imperative that SMEs keep an ear to the ground on privacy law updates – including the many privacy laws beyond UKGDPR.
3. Practice data mapping
You’ll want your privacy notice to accurately reflect your customer’s journey, and what data is to be collected at different touchpoints. To ensure this, map out exactly how you intend to capture data, and through which channels. You’ll need to consider both offline and online channels, as well as the database software you’ll use to collect it, and any integrations where data is shared internally or with third parties.
Some practical considerations include:
- If you’re using a database software such as Microsoft Excel, you may want to designate an owner responsible for updating that sheet and ensuring data is relevant. You’ll also need to ensure that it’s secure, for example by adding password protection to it.
- If you’re capturing data through your website, you’ll need to ensure you give users the option to accept or reject cookies. HTTP cookies are tiny pieces of data that are captured when someone uses your site, and they can be used to understand their browsing history, or profile them in some instances. Legislatively, this type of data is covered by Privacy and Electronic Communications Regulations.
Cookies may matter more than you think
Google are paying close attention to how cookies work within their Chrome browser, and have recently released a huge update known as FLoC (Federation Learning of Cohorts). In this update, third party advertisers are banned from tracking data subjects while they browse the web.
Instead, data will be anonymised and clustered based on interests when shown to advertisers, so targeting relies less heavily on your search history, and more on your interests.
Another Silicon Valley company to up their privacy game is Apple, who have recently introduced an App Tracking Transparency initiative within iOS 14.5. It requires that each developer gives the user a choice to opt out of app tracking.
What this could mean for SMEs is that it becomes more expensive and difficult to run targeted ad campaigns on Facebook, for example, and for many smaller businesses these campaigns are crucial to success.
So, it may be worth developing your own cookie policy as a part of your wider privacy strategy. It’s crucial that SMEs communicate carefully with users on exactly what information you’ll be collecting, and how it will be used. Perhaps with complete transparency, prospective customers and website users will be more open to accepting your use of tracking cookies moving forward.
4. Proudly showcase your stance on privacy
Once you’re confident in your approach, and know that you’ve taken reasonable steps to upgrade your privacy practices, you can start showcasing your good work. Be careful to really think your practices through, though, as showcasing a rushed or underthought privacy notice could be detrimental.
Why showcase your practices at all, though? Well, customers really do care about privacy. Salesforce research (2019) indicates that 46% of consumers feel they’ve lost control over their own data, and coronavirus has caused a huge digital shift in which many brick-and-mortar businesses have had to explore online shopping avenues to ensure they can continue to sell.
Consequently, you may want to consider hosting your privacy notice on a dedicated landing page via your website, and factoring it into your social media messaging as you reassure your customers that you’re a responsible and trustworthy business.
We hope you’ve found our privacy tips useful. Visit our blog if you’re interested in reading more SME-focused tips, or check out our finance guides to learn how to properly leverage external finance for growth.
How could Rapid Cash help?
If your small business is looking to professionalise and seize every opportunity available to it, then ensuring you have the right external finance in place to support your operations could be key. That’s where we can help at NatWest Rapid Cash.
Our innovative invoice financing package integrates with your business’ accounting software, enabling you to get cash in advance on your unpaid invoices. With our flexible finance facility, you could find yourself improving your cash flow in the short term- through which you could steadily grow your business.
If this solution sounds like it could benefit you, read more about our product via our home page.
Eligibility
To be eligible for Rapid Cash you must be trading for more than 6 months, have an annual turnover of at least £100k and either be a Limited Company or Limited Liability Partnership in England and Wales. Additionally, you need to invoice other businesses and use one of the following digital accounting software: Xero, Quickbooks, Sage 50, Kashflow, FreeAgent and Netsuite.
Security and guarantee required. Product fees may apply.
