GDPR – The clock is ticking….

GDPR will come into force across the EU on Friday 25th May 2018. This means all businesses must be compliant by that date.  Have you started taking action yet?

From a marketing perspective, the biggest shake up will be around how personal data can be used for marketing purposes, and how that data is stored and protected.

Under the GDPR you’ll only be able to send marketing communications to customers if they’ve opted in to receive them.  It will also be necessary to be able to prove that an individual has done so, by placing the burden on the business.  Individuals will also have the right to withdraw their consent at any time.

There is a lot of discussion around ‘what is the duration’ of consent.  I have done quite a lot of reading around this and I must say that I haven’t found any clear guidelines  However, it does seem to be implied that it does not last forever and should only be for as long as necessary.  At the moment, the ICO’s recommendation is to refresh consent ever 2 years.

It is important that you get into the habit of keeping good records moving forward to prove that an individual/customer has offered their information to you.  It is recommended that you should keep the following info:

  • Who consented
  • When they consented
  • What they were told at the time – what they were consenting to
  • How they consented – for example a copy of the completed data capture form with timestamp
  • If consent has been withdrawn – if so when.

One question that I am frequently asked is – does someone giving a business card at an event constitutes consent? The ICO has published draft guidance and gives the example of people at a conference putting their business cards in a box to take part in a prize draw. By putting their card in the box, they have clearly demonstrated consent to their personal details being used in relation to the prize draw but they have not consented to any wider use such as marketing purposes.

It gets a little confusing when you then look at oral consent which the ICO have highlighted as a valid unambiguous statement.  My take on this is – if you are networking and someone gives you a business card and clearly states that they want to receive your email newsletter, I would write the date, what it is they want to receive e.g. newsletter, the time and the networking event on their business card and keep this on record. I would also recommend that you send them a follow up email and ask them to confirm by opting in via the method you are using.

Key Steps you should be doing now:

  1. Review your current data that is held and understand your current consent provisions. Can you prove you have consent from everyone?  If the answer is ‘no’ then you will not be able to use this data after 25th May 2018.
  2. Start splitting your data by who has consented and who hasn’t
  3. Review your privacy policy and data capture forms to bring them in line with the information that is required to comply with GDPR. You must provide a mechanism that requires a deliberate action to opt in.  You also cannot rely on silence, inactivity, default settings, pre-ticked boxes etc.
  4. Review how you store and manged record information. Are you capturing all the information that you need to provide consent?   Also consider if you are keep unnecessary information!
  5. Decide how long consent should last for your business in terms of marketing communications. Incorporate this in your privacy policy and set in place a system to provide reminders to refresh consent or remove individuals when they lapse.

I hope this information has been helpful. It’s all about process and evidence.  I am working on writing other blog posts that will focus in on key areas such as ways you can gain consent from your existing lists for your future marketing communications.

For reference if is worth keeping an eye on these two websites as things are being constantly updated:

How to Prepare Your Business For GDPR

As we enter the last 7 months of countdown, more and more businesses are starting to worry about GDPR. At first, it was only the finance and IT industry that were wringing their hands, but soon business owners realised everyone would be affected by the new regulation. By now most business owners worth their salt have heard about the new GDPR. The savvy ones might have even started putting measures in place to get ready for it. But most of those are “big businesses”. You know, the ones who have infinite resources and entire departments dedicated to compliance and regulation. But that leaves the smaller businesses somewhat flustered and unsure of what to do. But never fear, Little Acorn are here to provide some more general guidance on the issue of GDPR.

What Is GDPR?

But first, what is this big bad acronym that has business owners rushing around like ants? GDPR stands for General Data Protection Regulations, and it’s essentially the EU’s answer to the Data Protection Act. However, unlike previous EU directives (which countries can choose to implement or not, and how), this is a regulation. This means it will apply to all EU countries in the same way. It also reaches outside of the EU to any organisation that handles EU citizen data, regardless of their location in the world. The regulation is already in place – we are partway through a transition period that allowed businesses to get their house in order before the regulation comes into effect on the 25 of May 2018.

The aim of the regulation is to unify and standardise data protection policies, shoring up weak spots and creating a strong base for personal data protection. The regulation provides a single set of rules for all member states to follow (including mandatory security notifications, new rules around user consent, a clearer definition of what could be personal data and greater rights for people to access and request deletion of the information companies hold on them). A special council will be created to oversee sanctions and provide guidance.

The Brexit Question

I feel I need a small note here. Before you ask, yes, UK businesses will still have to comply even if Brexit goes ahead. Not only will be still be handling EU citizen data (and therefore still subject to GDPR), but the government have also confirmed that they will be passing GDPR into UK law if we do leave. So, no matter what happens, you still need to prepare.

Areas of Your Business Affected by GDPR

The mistake a lot of businesses are making is assuming that GDPR will only really affect the IT department. And while it might be true that IT will certainly be hit hardest, that doesn’t mean the rest of the business is off the hook. In fact, there are 5 key areas of every business that will be impacted by GDPR:

Legal – One of the most important areas to be affected is the legal department (if you have one). There are many different changes that will need to be made to contracts, terms and conditions, policy documents throughout the business to ensure the consent rules are being met. This also means that the legal department will have to review and possible renegotiate contracts to meet this requirement.

Finance – GDPR will hugely influence the way accounting and financial processes function within your business. Huge amounts of confidential data pass through this department every day, so you need to be sure all your systems and policies are bulletproof. Because of the volume of data at risk, GDPR will impose heavy penalties on businesses that fail to guard their financial data adequately.

Sales & Marketing – Sales and marketing departments are the front line when it comes to dealing with customer data. They are usually responsible for the collection of data, so the consent rules need to be carefully followed. Sales and marketing need to make sure that their teams are addressing customers who have opted in or given their direct consent to receive it.

HR – GDPR will not only impact the way the business works, but it will also improve the rights of all employees too, giving them increased safety, security and control over their personal data. Everyone in the HR department needs to be updating contracts, ensuring that everyone understands their new rights and implementing them.

IT – And of course, the IT department are the first line of defence for all this data. The IT department is the foundation for the GDPR framework, which is why IT departments are currently running around like mad trying to get the systems updated and everything ready.

At Little Acorn Marketing, we are working with businesses in the Thames Valley to help them get ready for GDPR. Sure, we might not be able to help with the in-depth technical IT issues, but we can help review and improve your sales and marketing policies. Whether you just need a few tweaks or to redesign a new strategy to stay complaint, we are here to help. For more information, just get in touch today.

Email – the dreaded ‘delivery status notification (failure)

This week I am welcoming my first guest blogger – Holly Thorne from Virtual Angels


Imagine: you’ve spent ages composing an email. Pressed send and then… in a matter of seconds, back comes the dreaded ‘delivery status notification (failure)’.  That’s not so bad if it’s just one email, but what if you’ve just sent your latest email campaign and it’s not just one bounce but a large percentage of your campaign list.  You might be losing out on valuable customers.

Contact details can be wrong for many reasons; the details were recorded incorrectly; the person has moved roles or companies; or maybe they’ve changed their name.  These are just some of the reasons but what can you do to keep information up to date?

Set up a Database

Create a database or consider signing up to a CRM system that’s suitable for your business.  If your contact details are all in one place, you’ll know where to find them. Many CRM systems can now integrate with your emails or other marketing tools to make updating contact information even simpler.  With a contact database you can make notes or create tags so that you can record information such as when you last contacted someone, their preferred name or where you met them.

When choosing a system, consider if you require restricted access (e.g. logins with password access), multiple user logins or customisable fields. If using an online CRM system, check where your data will be stored and how it will be kept safe.

Your contact database should be your ‘single source of truth’ when it comes to contact information and if you have other team members, you need to ensure they know this too. That way, if you’re off sick or a member of staff leaves, the rest of your team can still find relevant information – so contacts are still contactable.

Back it up!

If you’re keeping an electronic database, back it up at least once per week. Ensure the backup is secure and cannot be accessed by people who should not have access to it.

Maintain and Update

It’s really important that you regularly review and update your contact database, also known as ‘data cleaning’. The best trick for this is little and often – spot check contact records and as soon as you become aware of any changes, update them.

If someone’s email bounces, make a note of it the first time. If it bounces again, try contacting them in a different way to see if they are still using that email, or if they have an alternative one they would like you to use.

Ultimately, you can have the fanciest CRM system in the world, but it you don’t have good quality data you may as well have a carrier bag messily stuffed full of business cards!

Finally – The Data Protection Act 1998 outlines your legal obligations when you hold information. This includes keeping personal data accurate and up to date. If you’re unsure of your obligations, check out the ICO website for more information.

If you would like to learn more about setting up a CRM system, Holly would be happy to chat with you.  Her email is

Are you making all your testimonials work for you?

As a business owner you will know that LinkedIn is a great B2B social media platform and an excellent place to showcase your experience. One key way to do this is by having recommendations. These are totally independent but unfortunately they do have their limits.

You can only be given a recommendation by another LinkedIn member.  For many of us this is absolutely fine but for some businesses this can be very limiting.  It maybe the nature of your work is confidential or perhaps your clients are just simply not on LinkedIn. For example if your clients were predominantly aged 65 plus.

So what can you do if this is the case for your business? This is a question I am commonly asked when training on LinkedIn.

Well LinkedIn now allow you to attach files to you profile.  This means that you can still ask for a recommendation and attach it to your relevant work experience section or even your main profile summary.  Your clients can give a written testimonial, anonymously if necessary which you can scan in to your computer.

Whilst in ‘edit mode’ on your profile, just click on the symbol highlighted below and follow the instructions for uploading a file.

add document to LinkedIn Profile

So why not look back in your files – have you got a fabulous client testimonial that is gathering dust? Scan it today and get it up on your LinkedIn profile!

If you would like more tips on LinkedIn I am running my next workshop – LinkedIn for the Small Business Owner on 28th April 2016.  For more information click here.

The power of the spoken word

I spend a lot of time crafting written communication that has maximum impact, whether that be copy for a website, a case study or perhaps social media posts.

However last week I felt like a fish out of water when the communication became verbal not written, and even worse on video!

I consider myself a confident speaker and can happily stand up and present a 40 second business introduction or deliver a training course. But speak into a camera – nope that is way out of my comfort zone.

I was attending a Video Presenting Skills for Business course at Pinewood Studios with the aim of perfecting a 1 minute promotional video.  It was a thoroughly enjoyable day and I wanted to share some of the key things that I learnt.

There are 3 key elements of communication:

  1. The words you use – surprisingly not the most important part!
  2. Your tone of voice
  3. Body Language

When presenting you need to think about the most important words that you want to get across and make sure you emphasize them.

Don’t be afraid of silence – leave a pause – this can be very powerful.

Check your speed – even if you think you are speaking slowly the chances are you are not.

Even though you are not talking to someone in person you will be on video and the person will be watching you very closely. Look into the camera and be authentic, use eye contact.

Be passionate – it is your business so be proud!

And finally remember SMILE and your voice will too!

video presentation workshop

The course was run by and in conjunction with the 10-12 Business Club (Structured professional networking for business women)

If you would like to learn more I would be happy to talk in more detail about my experience.  You can contact me via email

The confusing world of social media and the small business


I was recently asked to present to a networking group on the subject of social media.  There is so much talk about social media and so many options that it is easy to get confused and struggle to get started.

However if a few simple steps are taken it can be relatively pain free undertaking.

Firstly spend time thinking about your objectives and what you want achieve.  Is it increasing traffic to your website or to demonstrate expertise and thought leadership?

Then identify the social media platforms that are best suited to help you achieve your objectives.  For example blogging, LinkedIn and twitter may suit thought leadership campaigns, whilst Facebook and twitter might be better suited for getting better access to customers. It is easy to assume that they are all good for your business and a mistake that can cost you significantly in time.

My advice would be do not dive in until you are ready and have a clear strategy.

At the end of the presentation I had one member say that he had a very specific target customer and approached them directly so he really didn’t see why time and effort should be focused on social media.

My response was – It all comes back to having clear objectives and thinking beyond the immediate here and now.  How about those people who are just outside the target? Wouldn’t it be great to be able to grow the business reputation and start building relationships as one day they may be a target customer!