{"id":3769,"date":"2018-02-13T15:47:07","date_gmt":"2018-02-13T15:47:07","guid":{"rendered":"https:\/\/www.sage.com\/en-gb\/blog\/?p=3769"},"modified":"2025-12-05T11:32:13","modified_gmt":"2025-12-05T11:32:13","slug":"gdpr-guide-small-businesses","status":"publish","type":"post","link":"https:\/\/www.sage.com\/en-gb\/blog\/gdpr-guide-small-businesses\/","title":{"rendered":"GDPR for small business: A quick-start guide"},"content":{"rendered":"<header class=\"entry-header has-dark-background-color entry-header--has-illustration entry-header--has-illustration--generic\">\n\t<div class=\"container\">\n\t\t<div class=\"entry-header__row row align-center\">\n\t\t\t<div class=\"col col-lg-7 col-xlg-6 entry-header__content\">\n\t\t\t\t\t\t\t<div class=\"component component-single-header\">\n\t\t\t\t\t\t\t\t\t\t<div class=\"entry-header__misc text--subtitle text--uppercase text--small\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.sage.com\/en-gb\/blog\/category\/strategy-legal-operations\/\" class=\"entry-header__link\">Strategy, Legal &amp; Operations<\/a>\t\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t<div class=\"entry-title-wrapper\">\n\t\t\t\t\t<h1 class=\"entry-title\">\n\t\t\t\t\t\tGDPR for small business: A quick-start guide\t\t\t\t\t<\/h1>\n\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t<p class=\"entry-header__description\">\n\t\t\t\t\t\t\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n\t\t<div class=\"single-post-details container\">\n\t\t<div class=\"col\">\n\t\t\t<span class=\"posted-on \"><time class=\"entry-date published\" datetime=\"2018-02-13T15:47:07+00:00\">13 February, 2018<\/time><\/span><span class=\"reading-time\"> min read<\/span>\n\t\t<button\n\t\t\ttype=\"button\"\n\t\t\tclass=\"social-share-button button button--icon button--secondary js-social-share-button\"\n\t\t\tdata-share-title=\"GDPR for small business: A quick-start guide\"\n\t\t\tdata-share-url=\"https:\/\/www.sage.com\/en-gb\/blog\/gdpr-guide-small-businesses\/\"\n\t\t\tdata-share-text=\"Please read this interesting article\"\n\t\t>\n\t\t\t<span class=\"social-share-button__share-label\">Share<\/span>\n\t\t\t<span class=\"social-share-button__copy-label\" hidden>Copy Link<\/span>\n\t\t\t<span class=\"social-share-button__copy-tooltip\" aria-hidden=\"true\" hidden>Copied<\/span>\n\t\t<\/button>\n\n\t\t\t\t<\/div>\n\t<\/div>\n\t<\/header>\n\n\n\n<div class=\"wp-block-post-author has-dark-background-color alignfull\">\n\t<div class=\"container\">\n\t\t<div class=\"col\">\n\t\t\t\t\t\t\t<div class=\"co-authors\">\n\t\t\t\t\t\n\t\t<div class=\"entry-author-wrapper\">\n\t\t\t<a class=\"entry-author\" href=\"https:\/\/www.sage.com\/en-gb\/blog\/author\/keirthomasbryant\/\">\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"40\" height=\"40\" src=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2025\/06\/keir-short-hair-350x350.jpg\" class=\"entry-author__image\" alt=\"\" srcset=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2025\/06\/keir-short-hair-350x350.jpg 350w, https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2025\/06\/keir-short-hair.jpg 760w\" sizes=\"auto, (max-width: 40px) 100vw, 40px\" \/>\t\t\t\t<span class=\"entry-author__name\">Keir Thomas-Bryant<\/span>\n\t\t\t<\/a>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n<\/div>\n\n\n\n\n\n<p>Believe it or not, it was just 100 days as of Valentine\u2019s Day until the GDPR comes into force on 25&nbsp;May 2018. Whether you\u2019ve fallen in love with GDPR or not, you might want to use this as a milestone to measure how well your GDPR preparations are progressing.<\/p>\n\n\n\n<p>For example, you might want to tune into one of our GDPR webinars to better understand the legislation and what GDPR means for small businesses.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-gdpr-and-small-business\"><strong>GDPR and small business<\/strong><\/h2>\n\n\n\n<p>However, below are some headline examples of how GDPR will affect the typical functions and\/or departments of a small business, with the following caveats. Firstly, this is not an exclusive list and nor is it a substitute for receiving legally qualified advice or examining your own procedures and methods in depth (see the Sage Legal Disclaimer at the end of this piece).<\/p>\n\n\n\n<p>Secondly, at the time of writing the exact impact of <a href=\"https:\/\/www.sage.com\/en-gb\/gdpr\/\">the GDPR<\/a> isn\u2019t yet known. For example, we lack practical examples of what agencies such as the <a href=\"https:\/\/ico.org.uk\/\">Information Commissioner\u2019s Office<\/a>&nbsp;are likely to find acceptable or objectionable, and some of the wording of the GDPR legislation is open to interpretation.<\/p>\n\n\n\n<p>Therefore, what\u2019s detailed below can only be considered as educated guesses at the very best. This is what GDPR means for small business&#8230;<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<div class=\"video-container-wrap -mode-full\"><div class=\"video-container\"><video\n\t\t\t\tclass=\"sage-video video-js vjs-default-skin \"\n\t\t\t\twidth=\"640\"\n\t\t\t\theight=\"360\"\n\t\t\t\tdata-setup='{ \"controls\": true, \"aspectRatio\" : \"16:9\", \"poster\": \"https:\/\/img.youtube.com\/vi\/Y7k04399RJ4\/maxresdefault.jpg\", \"techOrder\": [\"youtube\"], \"enablejsapi\": 1, \"origin\": \"https:\/\/www.sage.com\", \"sources\": [{ \"type\": \"video\/youtube\", \"src\": \"https:\/\/www.youtube.com\/watch?v=Y7k04399RJ4\"}], \"youtube\": { \"ytControls\": 0, \"cc_load_policy\": 3, \"modestbranding\": 1, \"hl\": \"en_GB\", \"playsinline\": 1 } }'\n\t\t\t\tcrossorigin=\"\"><\/video><\/div><\/div>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-sales-and-marketing\"><strong>Sales and marketing<\/strong><\/h2>\n\n\n\n<p>The GDPR\u2019s new, stronger requirements for consent can hit marketing and customer processes in a particularly harsh way.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-existing-marketing-data\"><strong>Existing marketing data<\/strong><\/h3>\n\n\n\n<p>Put simply, with existing databases for marketing leads you will have to undertake two tasks, at least, prior to the GDPR\u2019s implementation:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Legally review the consent that was used originally and see if it\u2019s compatible with the GDPR\u2019s requirements.<\/li>\n\n\n\n<li>In the likely event that your existing consent isn\u2019t sufficient, and there\u2019s no other basis for lawful processing of the data, you will have to contact each and every one of the individuals in the database to seek new consent. If you don\u2019t receive fresh and specific consent for the ways in which you\u2019d like to process the data then that individual\u2019s data must be suppressed or deleted.<\/li>\n<\/ul>\n\n\n\n<p>It\u2019s been estimated that the above requirements could mean databases such as those for sales and marketing are reduced by as much as three quarters. However, it\u2019s also been pointed out that those customers who respond with fresh consent are proving themselves more valuable because of their willingness to engage with your business.<\/p>\n\n\n\n<p>Remember that consent is only one possible requirement for lawful processing. If an ongoing contract between you and a customer or client already exists \u2013 or is likely to do so soon \u2013 then you don\u2019t necessarily have to get consent, for example, where that processing is necessary for the performance of a contract or in the legitimate interests of your business and\/or the customer.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-consent-moving-forward\"><strong>Consent moving forward<\/strong><\/h3>\n\n\n\n<p>Of course, you will need to create new GDPR-compatible processes for any personal data you gather from individuals moving forward and this may involve getting consent.<\/p>\n\n\n\n<p>Remember that you can no longer assume consent or use a single consent as carte blanche for all processing activities, or use a pre-ticked box on a website to assume consent is given.<\/p>\n\n\n\n<p>Before purchasing any marketing leads, you will need to ensure the consent of each individual contained within complies with the GDPR \u2013 which is to say they will have given clear and individual consent for their details to be sold on in this way. Considering most people are unlikely to agree to this, the sale, purchase or transfer of marketing leads is likely to become a rare activity.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-data-minimisation\"><strong>Data minimisation<\/strong><\/h3>\n\n\n\n<p>The GDPR says you can\u2019t simply grab lots of data from an individual without justification, so marketing can no longer be a \u201cfishing expedition\u201d where you present checkboxes or a questionnaire with a view to somehow using the data you collect in future.<\/p>\n\n\n\n<p>Your processes will need to show what data you\u2019re collecting and explain what you intend to do with it \u2013 and you may need to gather consent for using that data in a specified way. You should also document when you intend to suppress or erase it.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-dealing-with-customer-enquiries\"><strong>Dealing with customer enquiries<\/strong><\/h3>\n\n\n\n<p>The GDPR gives your customers and\/or clients new rights to know what you\u2019re doing with their data. They also have the right to withdraw consent, subject to certain exemptions, or the absolute right to withdraw consent from certain uses of it (such as direct marketing).<\/p>\n\n\n\n<p>You will need to put in place procedures and possibly staff to deal with this, such as a Data Protection Officer, and your staff will need to perform tasks such as documenting such requests and clearing any future marketing lists against the internal suppression list.<\/p>\n\n\n\n<div class=\"single-cta gated-content\">\n\t<div class=\"single-cta__positioner\">\n\t\t<div class=\"single-cta__wrapper has-dark-background-color\">\n\t\t\t<div class=\"single-cta__content\">\n\t\t\t\t\t\t\t\t<h2 class=\"single-cta__title h3\">Ambition In Action<\/h2>\n\n\t\t\t\t\t\t\t\t\t<div class=\"single-cta__description\">\n\t\t\t\t\t\t<p>Want to grow your business but struggling to do so? Download this free e-book for advice from Peter Jones and the winner and finalists of the Sage Ambition competition who faced challenges and overcame them using their business ambition.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a\n\t\t\t\t\t\thref=\"#gate-eb9c1bb7-d04c-4e0b-8ae1-fb48d0e94f3c\"\n\t\t\t\t\t\tclass=\"single-cta__button button button--primary\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t>Get your free e-book<\/a>\n\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<img decoding=\"async\" width=\"1440\" height=\"810\" src=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2022\/04\/GettyImages-1327779575-1440x810.jpg\" class=\"single-cta__image\" alt=\"\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2022\/04\/GettyImages-1327779575-1440x810.jpg 1440w\" sizes=\"auto, (min-width: 48em) 33vw, 100vw\" \/>\t\t\t<\/div>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-human-resources-and-payroll\"><strong>Human resources and payroll<\/strong><\/h2>\n\n\n\n<p>Considering people management and payroll involve processing massive amounts of personal data, it\u2019s incredibly likely that existing processes will have to be revised significantly for the GDPR.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-consolidation-and-security\"><strong>Consolidation and security<\/strong><\/h3>\n\n\n\n<p>With its additional security requirements, businesses should consolidate all their personnel and payroll data into as few locations as possible to prepare for the GDPR. This is because of the requirement for data to be secured. Effectively securing personal data and\/or payroll data that\u2019s spread across a range of Excel spreadsheets, for example, is likely to lead to disaster.<\/p>\n\n\n\n<p>The GDPR-compliant processes you create will need to consider all sources of data, which can be challenging with people management. For example, how will you securely store sick notes or even emails or text messages requesting holiday leave? How can timesheets be securely handled and stored? How do you restrict access to personal data to ensure only those who have a &#8220;need to know&#8221; can access it?<\/p>\n\n\n\n<p>Similarly, and as before, payslips must be provided in a secure way. This is prompting many businesses to switch to online rather than printed payslips, wherein an employee must securely authenticate online before being able to view the information.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-individual-rights\"><strong>Individual rights<\/strong><\/h3>\n\n\n\n<p>Because the employee has entered into a contract with you, and you\u2019re processing their data on the basis of the employment contract or for your legitimate interests, it\u2019s not necessarily appropriate to get consent in the day-to-day employer-employee relationship.<\/p>\n\n\n\n<p>You may however need employee consent for any processing not directly connected to that relationship, e.g. if you want to see an employee\u2019s occupational health records. This includes consent for sensitive data, although the GDPR here bows to national laws. At the time of writing, the implications of this are not yet fully understood.<\/p>\n\n\n\n<p>GDPR means you potentially have to give staff full visibility of the data you hold about them. You must respond to subject access requests (SARs). Notably, you retain the right to refuse unfounded or excessive requests but will need to demonstrate how they are unfounded in your compliance documentation.<\/p>\n\n\n\n<p>You\u2019ll need to create clear and GDPR-compliant privacy notices to ensure you provide all the information to which they are entitled under GDPR&#8217;s requirement for transparency. You may need to provide easy-to-access functionality to allow employees to opt out of the various ways you use their data. You cannot use their data for any other purpose without notifying them.<\/p>\n\n\n\n<div class=\"single-cta\">\n\t<div class=\"single-cta__positioner\">\n\t\t<div class=\"single-cta__wrapper has-dark-background-color\">\n\t\t\t<div class=\"single-cta__content\">\n\t\t\t\t\t\t\t\t<h2 class=\"single-cta__title h3\">GDPR<\/h2>\n\n\t\t\t\t\t\t\t\t\t<div class=\"single-cta__description\">\n\t\t\t\t\t\t<p><!-- wp:paragraph --><\/p>\n<p>Need help with meeting your GDPR obligations and making sure your businesses processes are working in the correct way? Here&#8217;s what you need to know.<\/p>\n<p><!-- \/wp:paragraph --><\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a\n\t\t\t\t\t\thref=\"https:\/\/www.sage.com\/en-gb\/gdpr\/\"\n\t\t\t\t\t\tclass=\"single-cta__button button button--primary\"\n\t\t\t\t\t\t\t\t\t\t\t\t\tid=\"cta-id-3269\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tdata-button-location=\"cta_box\"\n\t\t\t\t\t\t\t\t\t\t\t>Find out more<\/a>\n\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<img decoding=\"async\" width=\"1440\" height=\"810\" src=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2023\/09\/GettyImages-1478421401.jpg\" class=\"single-cta__image\" alt=\"Working on business priorities\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2023\/09\/GettyImages-1478421401.jpg 1440w\" sizes=\"auto, (min-width: 48em) 33vw, 100vw\" \/>\t\t\t<\/div>\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-recruitment\"><strong>Recruitment<\/strong><\/h3>\n\n\n\n<p>From the moment a potential employee submits a curriculum vitae (CV) or application form, you&#8217;ll have to start to record when and how you obtained this data and on what lawful basis it\u2019s held.<\/p>\n\n\n\n<p>Speculative CVs received out of the blue from jobseekers also present issues as HR departments won&#8217;t be able to hold them on file unless they can tie them to a clear record of consent that includes an agreed time limit.<\/p>\n\n\n\n<p>You might want to think about requesting explicit consent from candidates about keeping their CV on file for a period of time. As above, you\u2019ll also need to provide clear GDPR-compliancy notices for jobseekers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-data-deletion\"><strong>Data deletion<\/strong><\/h3>\n\n\n\n<p>The GDPR means you should not hold on to employee data once that individual has left unless there\u2019s a lawful reason to do so. This must be considered within the right to be forgotten, but this is not an absolute right if there\u2019s a lawful reason for you to hold the data. For example, if a former employer is taking you to an employment tribunal then you will need to keep hold of that data.<\/p>\n\n\n\n<p>However, you will need to ensure that your systems and processes are able to remove all data about that individual, which suggests another reason to aim for consolidation of data across as few systems as possible.<\/p>\n\n\n\n<figure class=\"wp-block-image alignnone wp-image-3366 size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1675\" height=\"1275\" src=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2017\/12\/GettyImages-518345325_super.jpg\" alt=\"Finance professionals working in an office.\" class=\"wp-image-3366\" srcset=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2017\/12\/GettyImages-518345325_super.jpg 1675w, https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2017\/12\/GettyImages-518345325_super-768x585.jpg 768w, https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2017\/12\/GettyImages-518345325_super-1064x810.jpg 1064w, https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2017\/12\/GettyImages-518345325_super-1536x1169.jpg 1536w\" sizes=\"auto, (max-width: 1675px) 100vw, 1675px\" \/><figcaption class=\"wp-element-caption\">Accounting and finances departments still need to prepare for the GDPR<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-accounting-and-finances\"><strong>Accounting and finances<\/strong><\/h2>\n\n\n\n<p>Of all departments within a business, the accounting department is perhaps hit least by GDPR preparations and requirements. A good rule of thumb is that, unless the accounting data is linked to an individual, then there should be no issue.<\/p>\n\n\n\n<p>If your accounting data is linked to an individual then in most cases you\u2019ll already have a contract with them (for example, a sales contract), and for accounting purposes will be processing the data for their and your legitimate interests.<\/p>\n\n\n\n<p>If there\u2019s a need to get consent to use an individual\u2019s data then the requirement for processing it for accounting purposes should be specified during the process of gaining consent. This might involve the accounting person or team reaching out to all departments to ensure GDPR compliance has occurred further upstream.<\/p>\n\n\n\n<p>Where problems might arise is if you hire a bookkeeper or accountancy firm in any capacity. You should ensure they are GDPR compliant, that the technology and software they use to manage your small business accounting is GDPR-ready, and that how and where they store data is also GDPR-compliant.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-information-technology\"><strong>Information technology<\/strong><\/h3>\n\n\n\n<p>IT departments are the facilitators of a lot of GDPR compliance considering most work within a business is done via technology nowadays. For example, with the increasing use of cloud services, the IT department will have to ensure that anywhere data is stored complies with the security demanded by the GDPR.<\/p>\n\n\n\n<p>However, this isn\u2019t necessarily about providing software or hardware for GDPR readiness. The IT department might have to securely dispose of existing data, such as customer databases that lack adequate consent notifications, and put in place ongoing methods for data to be deleted securely to meet the GDPR\u2019s much more strict guidelines about data retention and use.<\/p>\n\n\n\n<p>The IT department should also take the lead by implementing robust processes for reporting data breaches or other forms of GDPR non-compliance. Considering this might involve contacting customers, the IT department will need to reach out to all departments to ensure they understand the GDPR\u2019s reporting requirements.<\/p>\n\n\n\n<p>As before, duplication of live data for testing and pre-production purposes are impacted by the GDPR in that using the data in this way might not be possible without explicit consent.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-sage-legal-disclaimer\"><strong>Sage Legal Disclaimer<\/strong><\/h2>\n\n\n\n<p>The information contained here is for general guidance purposes only. It should not be taken for, nor is it intended as, legal advice. We would like to stress that there is no substitute for customers making their own detailed investigations or seeking their own legal advice if they are unsure about the implications of the GDPR on their businesses.<\/p>\n\n\n\n<p>While we have made every effort to ensure that the information provided herein is correct and up to date, Sage makes no promises as to completeness or accuracy and the information is delivered on an \u201cas is\u201d basis without any warranties, express or implied.<\/p>\n\n\n\n<p>Sage will not accept any liability for errors or omissions and will not be liable for any damage (including, without limitation, damage for loss of business or loss of profits) arising in contract, tort or otherwise from the use of or reliance on this information or from any action or decisions taken as a result of using this information.<\/p>\n\n\n\n<div class=\"single-cta gated-content\">\n\t<div class=\"single-cta__positioner\">\n\t\t<div class=\"single-cta__wrapper has-dark-background-color\">\n\t\t\t<div class=\"single-cta__content\">\n\t\t\t\t\t\t\t\t<h2 class=\"single-cta__title h3\">Implementing GDPR: Lessons learned from UK businesses<\/h2>\n\n\t\t\t\t\t\t\t\t\t<div class=\"single-cta__description\">\n\t\t\t\t\t\t<p>Want to get more insights from businesses on the GDPR? Download this guide, read the stories of the business owners and get up to speed today.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a\n\t\t\t\t\t\thref=\"#gate-bd7e5bca-51df-4b7b-816e-26cf4d8ba1a6\"\n\t\t\t\t\t\tclass=\"single-cta__button button button--primary\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t>Get your guide<\/a>\n\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<img decoding=\"async\" width=\"999\" height=\"666\" src=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2018\/03\/GDPR-CTA-cover.jpg\" class=\"single-cta__image\" alt=\"\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2018\/03\/GDPR-CTA-cover.jpg 999w\" sizes=\"auto, (min-width: 48em) 33vw, 100vw\" \/>\t\t\t<\/div>\n<\/div>\n\n\n<div class=\"single-cta\">\n\t<div class=\"single-cta__positioner\">\n\t\t<div class=\"single-cta__wrapper has-dark-background-color\">\n\t\t\t<div class=\"single-cta__content\">\n\t\t\t\t\t\t\t\t<h2 class=\"single-cta__title h3\">Subscribe to the Sage Advice newsletter<\/h2>\n\n\t\t\t\t\t\t\t\t\t<div class=\"single-cta__description\">\n\t\t\t\t\t\t<p>Join more than 500,000 UK readers and get the best business admin strategies and tactics, as well as actionable advice to help your company thrive, in your inbox every month.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a\n\t\t\t\t\t\thref=\"#gate-b1a63862-3fa0-4a5e-bb67-c76b88bbc6b8\"\n\t\t\t\t\t\tclass=\"single-cta__button button button--primary\"\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t>Subscribe now<\/a>\n\t\t\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t<img decoding=\"async\" width=\"1440\" height=\"810\" src=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2022\/04\/GettyImages-1073797282-1-1440x810.jpg\" class=\"single-cta__image\" alt=\"\" loading=\"lazy\" srcset=\"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2022\/04\/GettyImages-1073797282-1-1440x810.jpg 1440w\" sizes=\"auto, (min-width: 48em) 33vw, 100vw\" \/>\t\t\t<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Believe it or not, it was just 100 days as of Valentine\u2019s Day until the GDPR comes into force on 25&nbsp;May 2018. Whether you\u2019ve fallen in love with GDPR or not, you might want to use this as a milestone to measure how well your GDPR preparations are progressing. For example, you might want to [&hellip;]<\/p>\n","protected":false},"author":280,"featured_media":3293,"menu_order":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sage_video":true,"post_featured_image_hide":false,"sage_hide_published_date":false,"sage_hide_read_time":false,"sage_hide_share_buttons":false,"footnotes":""},"categories":[9],"tags":[117,41],"business_type":[4],"lilypad":[],"context":[],"industry":[],"persona":[73,74,75],"imagine_tag":[138,109],"coauthors":[369],"class_list":["post-3769","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-strategy-legal-operations","tag-gdpr","tag-hr-process","business_type-small-business"],"sage_meta":{"region":"en-gb","author_name":"Keir Thomas-Bryant","featured_image":"https:\/\/www.sage.com\/en-gb\/blog\/wp-content\/uploads\/sites\/10\/2017\/12\/GettyImages-169267075_super.jpg","imagine_tags":{"138":"GDPR","109":"Small business"}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Sage Advice UK","distributor_original_site_url":"https:\/\/www.sage.com\/en-gb\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/posts\/3769","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/users\/280"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/comments?post=3769"}],"version-history":[{"count":0,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/posts\/3769\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/media\/3293"}],"wp:attachment":[{"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/media?parent=3769"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/categories?post=3769"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/tags?post=3769"},{"taxonomy":"business_type","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/business_type?post=3769"},{"taxonomy":"lilypad","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/lilypad?post=3769"},{"taxonomy":"context","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/context?post=3769"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/industry?post=3769"},{"taxonomy":"persona","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/persona?post=3769"},{"taxonomy":"imagine_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/imagine_tag?post=3769"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.sage.com\/en-gb\/blog\/api\/wp\/v2\/coauthors?post=3769"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}