Dear Clients (current and potential),

Throughout July and August I found myself struggling a lot with all my commitments, to you as my client, to my kids as their mum and to myself. Mistakes were made all round to which I apologies for and will be making amends where possible.

Reflecting on those mistakes and looking forward to the next few months I have come to the realisation my business has developed and grown beyond my current processes, to the point they are actually having a negative impact on my business. I find myself checking emails before I have even opened my eyes in a morning, or checking them as they close on an evening. I have found myself trying to research and build websites on my phone while walking around parks with my kids during the day. This as expected has a negative impact on my love for my business but even more so it has a negative impact on the quality of service I am providing.

As many of my clients know I have medical conditions, and a son with disabilities, so we both require a number of medical appointments. As of the 3^rd of September I will be taking on the task of going through the Autism Diagnosis process with my son, which will require more than the usual medical appointments. I am also under going treatment on my eyes to prevent any vision loss due to my medical conditions, and will be starting a new medical regime to hopefully improve my health – I have to fight for funding first though! I do not envision this having a major impact on my work but I will keep you updated.

Also in the upcoming months I will be starting Uni studies again. My course starts on the 1^st of October and in April I will be taking on a 2^nd course which will overlap. These are the last 2 courses for my Uni degree and vital to me receiving my degree so I will need to be able to dedicate the necessary time to them.

Taking all these upcoming changes in to consideration I am changing aspects of my business process to ensure I can fulfil these commitments and also fulfil your projects.

I will no longer reply to messages before 10am in the morning, and after 8pm at night. The exception to this rule is
- Wednesdays, where I will stop answering messages at 2pm so I can spend the evening studying.
- Monday’s and Friday’s mornings till 12pm where I will be taking care of household errands and studying.
- Times when I am involved in my kids after school activities and it is difficult to (usually between 3:30pm and 6pm)
Instead of instant replies with minimal information, replies may take longer, so I can guarantee a more in depth reply with more relevant information. This will avoid messages getting missed, or small tasks being looked over. I understand these are all important but they sometimes are overlooked when buried in emails with big project details.
Sunday’s are my social media day so anything you wish posting for the following week will need to be provided by 1pm Sunday.
Any documents that require regular updates – such as reports or tracking documents – will be saved as an online file for easy access, and to avoid having several copies of the file floating around. A link to this file will be provided when the first document is created.
I have turned off email notifications on my phone to negate the urge to reply while on the go as this has shown to cause quite a few problems, with mistyping and missed messages etc

I hope you can understand the need to fine tune my contact hours, and the way I work to provide a better service to you while also being me, a mum and a student. Many of my clients have always been accepting of my many roles and at times restrictions, to which I am appreciative as I know it can be hard when you want something done urgent. However, this way should create a smoother more efficient working process for all.

If you have any concerns then please do get in touch and I will work with you to relive them.

To anyone out there thinking they are alone struggling with being a business owner – you are not! We all have something going on in the background and it is doesn’t need to be hidden away. You will be surprised how many people are understanding and appreciative of knowing, creating a better working relationship between you.

Care and support

Shari Sant

RedRite Founder

GDPR.

Its 4 letters that have started to put the fear of life in business owners, and with its implementation in May not too far away many business owners are stressing over whether they are compliant or not.

STOP STRESSING!

GDPR is all about being upfront, honest and very clear in what you do – which as business owners we should be anyway. The biggest change that has affected me and my clients is that of email marketing and data handling, something very simple to become compliant in. So here are my top tips to becoming GDPR Compliant based upon research, and multiple seminars.

Data

So what do they mean when they say Data?

They mean any data you hold on your PC, mobile, latop etc Data includes details such as name, address, contact number and email. The usual details you need t conduct business.

There is a secondary level of data which is classed as sensitive data and must be treated even more delicately. Data that falls under this category is things such as medical information, religious information and financial information. It is best to get a compliant officer/lawyer to help you understand how to handle this data.

So now we know what Data is, what’s next?

Whether you use the data for contractual purposes, marketing or for profiling to understand your audience it all needs to be clearly put out there for those that the data belongs to, to understand. Therefore you need to update your privacy policy.

You also need to make sure you have explicit consent to hold and process their data.

Update your Privacy Policy

If you have a website with Google Analytics installed, cookies or a contact form then you need to update your Privacy Policy to include what details they use, and how. For example, my Privacy Policy states exactly what data I will obtain when you visit my website, how I obtain that information as well as how I use it and with what software – Google Analytics.

The Privacy policy is relevant for website visitors and clients as it also advises clients what information I will need from them and the systems I will use to process that data. Agreeing to my services creates an understanding of contractual performance for me to process that data in order to provide the services – without it I can not perform the tasks required.

Consent

So I have mentioned Contractual performance, which is quite clear in regards to consent given. But what other forms of consent are there, and how do you prove it?

This is where Email marketing comes in!

Firstly, that list of emails you have for your newsletter – you need to be able to prove you had consent from them all to send the emails you send. The easiest way is double opt-ins for new subscribers. All though not required it does assure you that the person signing up is in complete agreement by completing the secondary sign up step. The data you can download from your email marketing platform will keep a track of when they signed up and when they signed the confirmation email – this is your evidence!

For current subscribers, you can send them an email with a sign up link to a new list asking for confirmation they would like to remain on your mailing list. This is a good time to let them know what do with their data, and the types of emails you will be sending them to make it VERY clear how the data is being processed – as require by GDPR.

If someone contacts you via a contact form, or generally via email you can not just add them to your list! This is not consent. You need to direct them to your sign-up form and get them to sign up themselves.

There is also an issue with freebies – although I do not have all the details – but there is a grey area because people are signing up for the freebie, not to receive marketing emails (although we all expect them). To continue offering a freebie you need to make it VERY clear that not only are they signing up for the freebie but also for the marketing emails – without this you will be in hot water.

Other forms of Consent

If you have employees – then by law you are required to process their data for things such as HMRC. Therefore agreeing to work for you is giving consent for that data to be processed. There are a few legal obligations that also require businesses to process consumer data such as The Enterprise Act 2002.

The final relevant form of Consent is that of Legitimate interest. Now this is a very flexible lawful basis but can not be used as an excuse for every processing task you take part in. According to GDPR you can se this as a lawful basis if –

‘you can show that how you use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object – but only if you don’t need consent under PECR’.

You can hold data for suppliers, and 3^rd parties as these details are required in order to provide services to your clients, therefore falls under legitimate interest.

Right to be forgotten

So this another area I know a few fellow business owners are having issues wrapping their heads around. So let’s break it down as simple as possible.

Individuals now have the right to request any data you hold is removed from their databases – every single one of them!

Once an individual has made a request to be forgotten a business has just 1 month to follow through – unless legal obligations require otherwise. And this is where it gets fuzzy for people.

The main reason to not comply is where the data is needed to provide agreed services, and without it the agreed contract cannot be fulfilled. There are also other reasons, the ICO states:

‘The right to erasure does not apply if processing is necessary for one of the following reasons:

to exercise the right of freedom of expression and information;
to comply with a legal obligation;
for the performance of a task carried out in the public interest or in the exercise of official authority;
for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
for the establishment, exercise or defence of legal claims.’

So for example, take employee records. They are required to be held for a set amount of time, even after the employee leaves, and it is during this time that the data can be held even if the employee requests to have it erased. The reasons being for HMRC record keeping and if required for legal claims – i.e unfair dismissal.

If you have clients who come back say once a year for projects – like branding help – then you can hold their data with the intent that it is kept for future projects. Just make sure you let them know you will hold it for that length of time!

Security

This is a biggie.

The data you do hold, and process needs to be kept secure, preferably encrypted. GDPR requires us to hold the information in a way that prevents unlawful processing, accidental loss, destruction or theft using appropriate technical measures.

If someone gets access to your database then you are required to inform everyone you hold data for ASAP.

Such ways to protect the data is to ensure you have firewalls in place, the data is held on an external hard drive unplugged from your laptop when not in use, or if using a 3^rd party to process and hold the data they are complaint with GDPR and under Article 32 of GDPR.

GDPR is not as scary as people first thought and although for some it might mean more paperwork and process changes while they get use to the new requirements, it will soon become easy to comply.

I am still learning, and still finding out all that I can to help people with GDPR. I have compiled the main points I feel are most relevant to sole traders/small businesses but if you have any questions do not hesitate to get in touch and I will go through my research to find the answer for you.

RedRite

Posts tagged: Business Processes

Changes to RedRite – and a Personal Note

Lets Work Together