
Understanding GDPR: What It Is and What Your Business Needs to Know

If your business collects names, emails, enquiries or website data, GDPR applies to you. While the term can sound intimidating, the principles are simple — and following them not only keeps you compliant, it helps build trust with your customers.


This article explains what GDPR is, why it matters, and what practical steps small businesses should take to align with it.


What is GDPR?


GDPR stands for 'General Data Protection Regulation'. It is an EU data protection law that has applied since 25 May 2018, and it continues to apply in the UK as the UK GDPR, which sits alongside the Data Protection Act 2018.

Its aim is to give individuals more control over their personal information — how it's collected, used, and stored — and to hold businesses accountable for how they handle that data.


What counts as personal data?


Personal data means any information relating to a living person who can be identified from it, directly or indirectly, whether on its own or combined with other data you hold. This includes:


  • Full names

  • Email addresses

  • Phone numbers

  • IP addresses

  • Location data

  • Website form submissions

  • Behavioural data and online identifiers (such as cookie IDs) collected via tracking tools (e.g. Google Analytics)


If your business collects this kind of data, even through something as simple as a contact form, GDPR applies to you. It is law, not guidance, and it applies regardless of how small the business is.


Why GDPR matters:


Whether you’re a sole trader or a growing team, GDPR still applies. You don’t need to be sending email campaigns or storing large databases to fall under its scope. If someone can submit information to your website or if your site tracks user activity, you're responsible for how that data is handled.


Being compliant means:

  • You're protecting your customers’ rights and data

  • You're reducing your legal and reputational risk

  • You're presenting yourself as a trustworthy, responsible business


KEY REQUIREMENTS UNDER GDPR

Here are the main things businesses need to consider:


1. Privacy Policy

You must have a clear privacy policy on your website, and it must be available before or at the point someone hands over their data. This should explain:

  • What personal data you collect

  • Why you collect it, and the lawful basis you rely on (for example consent, or a contract with the customer)

  • How it’s stored and protected

  • How long you keep it

  • Who it’s shared with (if anyone), including third-party services such as email or analytics providers

  • How users can access, update, or delete their data, and that they can complain to the ICO


2. Consent for Marketing

If you collect email addresses for updates, offers, or newsletters, you need to gain clear, active consent before sending anything. This means:

  • A visible opt-in that the user ticks themselves (never pre-ticked, and never bundled into accepting your terms and conditions)

  • Clear wording about what users are signing up for and who will contact them

  • An option to unsubscribe at any time, in every message you send

  • A record of when and how each person consented, so you can demonstrate it if asked


3. Cookie Notice and Tracking

If your website uses tools like Google Analytics or Facebook Pixel, you’ll need to display a cookie banner. In the UK these rules come from PECR (the Privacy and Electronic Communications Regulations) as well as the UK GDPR. The banner must:

  • Let users accept or decline tracking, with declining as easy as accepting

  • Link to a cookie policy with full details of each cookie and what it is for

  • Record and respect user preferences, and let users change their mind later

Crucially, the tracking script must not run until the user has accepted. A banner that appears while Google Analytics is already sending data does not count as consent. Strictly necessary cookies (for example the one that keeps a customer logged in) do not need consent, but should still be listed in the cookie policy.
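The consent-gated loading described above, as an added example that is not Truene Creative's code or the code of any consent tool. It assumes the tracker is Google Analytics (gtag.js), that 'G-XXXXXXX' is a placeholder measurement ID, that the visitor's choice is kept in the browser's localStorage (with an in-memory Map standing in when run outside a browser), and a six-month re-ask period chosen for illustration. The point it shows is that the tracker is injected into the page only after an explicit "yes", and that a refusal, a corrupted record or an expired record all leave the tracker unloaded.

```javascript
// Added example (not Truene Creative's code): load a tracking script only after the
// visitor has actively consented, and remember that choice so the banner is not
// shown on every page. Assumptions: the tracker is Google Analytics (gtag.js), the
// measurement ID 'G-XXXXXXX' is a placeholder, and the choice is kept in localStorage
// in a browser (an in-memory Map stands in when run outside a browser).

const CONSENT_KEY = 'cookie_consent_v1';          // bump the version to re-ask after a policy change
const CONSENT_TTL_MS = 180 * 24 * 60 * 60 * 1000; // re-ask after six months (assumed policy)

// Storage adapter: browser localStorage when available, otherwise an in-memory Map.
const memoryStore = new Map();
const storage = {
  get(key) {
    try {
      if (typeof window !== 'undefined' && window.localStorage) return window.localStorage.getItem(key);
    } catch (e) { /* storage blocked (e.g. private mode): fall through to memory */ }
    return memoryStore.has(key) ? memoryStore.get(key) : null;
  },
  set(key, value) {
    try {
      if (typeof window !== 'undefined' && window.localStorage) { window.localStorage.setItem(key, value); return; }
    } catch (e) { /* fall through to memory */ }
    memoryStore.set(key, value);
  },
  remove(key) {
    try {
      if (typeof window !== 'undefined' && window.localStorage) window.localStorage.removeItem(key);
    } catch (e) { /* fall through to memory */ }
    memoryStore.delete(key);
  },
};

// A stored choice only counts if it is well-formed and not older than CONSENT_TTL_MS.
// Anything else (missing, corrupted, expired) is treated as "no decision yet".
function readConsent(now = Date.now()) {
  const raw = storage.get(CONSENT_KEY);
  if (raw === null) return null;
  let rec;
  try { rec = JSON.parse(raw); } catch (e) { return null; }
  if (!rec || typeof rec.analytics !== 'boolean' || typeof rec.at !== 'number') return null;
  if (now - rec.at > CONSENT_TTL_MS) { storage.remove(CONSENT_KEY); return null; }
  return rec;
}

// Record the decision with a timestamp so you can show when consent was given.
function recordConsent(analytics, now = Date.now()) {
  const rec = { analytics, at: now };
  storage.set(CONSENT_KEY, JSON.stringify(rec));
  return rec;
}

let trackerLoaded = false;
function isTrackerLoaded() { return trackerLoaded; }

// Inject gtag.js. This is the only place the tracker is added to the page, and it is
// never reached until an explicit "yes" has been seen.
function loadTracker(measurementId) {
  if (trackerLoaded) return false;
  trackerLoaded = true;
  if (typeof document === 'undefined') return true; // no DOM outside a browser: nothing to inject
  const s = document.createElement('script');
  s.async = true;
  s.src = 'https://www.googletagmanager.com/gtag/js?id=' + encodeURIComponent(measurementId);
  document.head.appendChild(s);
  window.dataLayer = window.dataLayer || [];
  window.gtag = function () { window.dataLayer.push(arguments); };
  window.gtag('js', new Date());
  window.gtag('config', measurementId);
  return true;
}

// Call on every page load. Returns 'ask' (show the banner, tracker not loaded),
// 'declined' (honour the refusal, tracker not loaded) or 'loaded'.
function applyConsent(measurementId, now = Date.now()) {
  const rec = readConsent(now);
  if (rec === null) return 'ask';
  if (rec.analytics) { loadTracker(measurementId); return 'loaded'; }
  return 'declined';
}

// Banner button handlers, plus the "withdraw consent" link for the cookie policy page.
function onAccept(measurementId) { recordConsent(true); loadTracker(measurementId); }
function onDecline() { recordConsent(false); }
function withdrawConsent() { storage.remove(CONSENT_KEY); }

// Typical wiring in the page (showBanner is your own banner code):
//   if (applyConsent('G-XXXXXXX') === 'ask') showBanner(onAccept, onDecline);
```

Note that the gtag.js script tag is never written into the HTML directly; if it is already in the page's head, nothing in this file can stop it running, which is the mistake most "banner only" setups make.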


4. Data Security

You’re responsible for keeping the data you collect safe, in transit and at rest. This includes:

  • Serving every page over HTTPS, so contact form submissions can’t be read in transit

  • Keeping your website platform, plugins and hosting up to date

  • Only collecting the data you actually need, and deleting it once you no longer need it

  • Restricting who can see enquiries and customer data, with strong, unique passwords and two-factor authentication on admin and email accounts

  • Encrypting stored data where appropriate, including backups and exports

If personal data is lost or exposed, you must assess it promptly: breaches that are likely to put people at risk have to be reported to the ICO within 72 hours of you becoming aware of them.


What happens if you don't comply:

Non-compliance can result in fines (under the UK GDPR, up to £17.5 million or 4% of annual worldwide turnover, whichever is higher), but for most small businesses the larger risk is reputational. Customers are increasingly aware of their data rights, and a lack of transparency or professionalism can put them off working with you.


Having the right privacy practices in place shows you’re a responsible business — and it’s often a requirement when working with larger organisations or public bodies.


How we can help:

At Truene Creative, we design websites that not only look professional, but also include the practical elements your business needs to support GDPR compliance.


We can help you:


  • Add a clear privacy and cookie policy

  • Set up a compliant contact or enquiry form

  • Implement a cookie consent banner

  • Make sure your sign-up forms meet data protection requirements


If you're unsure about what your business needs, or you just want to get it right without the guesswork, feel free to get in touch.
