top of page

GDPR For New Dutch Business Owners

Updated: Mar 25, 2019

As a new business owner, or someone planning to start a business, do you have to consider the GDPR?

You’ve been undoubtedly hearing about the GDPR everywhere, the new data protection Regulation that came into force in May 2018. You’ve probably received notifications from any service / website you signed up to, asking you whether you still wanted to keep in touch, and to ‘opt-in’ again, as the service provider or business wanted to be ‘compliant’ with GDPR. Or you may have received emails from businesses you’d come across long ago, asking for your permission to (still?) keep your data. If you’ve been living or even visiting Europe, you may have found that you cannot access certain websites because of GDPR requirements, or noticed that the pop-ups on your screen looked a little different - instead of asking whether you agree or disagree, the pop-ups asking for your permission may now include a button called ‘Manage’ which allows you to exercise your options as a consumer as to what kinds of data get collected.

So what is the GDPR really, and what does it seek to achieve?.

A landmark framework regulation aimed at enhancing the protection of personal data processing practices, the GDPR is so designed so as to give a consumer more control over the data that they provide to companies, businesses and websites - and how it is processed or controlled. The GDPR achieves this by mandating that businesses should be explicit and clear in the permissions they seek, and should also offer consumers / visitors the option to not have their data, their visits to a website and their preferences tracked. This is also why, some visitors to websites in the European Union would have noticed that they’re able to reject the offer of websites to provide ‘relevant advertising’.

From the perspective of a small business owner, what does this mean for you?

Nearly every business has a website, and if so you will undoubtedly be collecting at least some data from your customers / users, such as their names, ID cards, bank account details, passport details, email IDs, etc. Therefore you should ensure that your business collects only the data that is absolutely required for running of the business, and for your business activities. Additionally, since the thrust of the GDPR is in handing more control to the consumer over the data, small businesses should make sure that they have explicit permission from their customers if they wish to share data with any ‘third parties’- such as partners and service providers that they may associate with in order to run their business. Additionally, even as a small business, it is essential that there are clear internal procedures in place to handle and process data as well as a reliable strategy to handle a breach in the business where the customer’s data could have been affected.


At first sight, and if you’ve been bombarded with newsletters, notifications and permissions that mention the GDPR, it may seem like a huge burden that involves considerable costs and effort, and you may feel overwhelmed by it. But compliance with the GDPR does not need to be an onerous task, and can be easily managed if a business’ procedures and practices are designed appropriately. Moreover, the efforts a business has to take in order to comply will have a far larger return, in that the data of your customers will be properly managed and processed, and protect you from issues that may arise in the future. In many ways it is a win-win, for a business as well as a customer.

Need help designing your GDPR - compliant processes? Get in touch!

37 views0 comments

Recent Posts

See All


bottom of page