GDPR for Small Businesses and Entrepreneurs Made Simple

| By Matt Jelfs

As a business owner or entrepreneur, you’re probably aware that GDPR regulations come into affect on May 25th this year. Achieving compliance might seem a little daunting, and I don’t blame you if you’re wondering what precise changes you will need to make to your website.

Of course this affects us here at Utama Studio too, as well as our clients, so we’ve sifted through pages of information in order to distil just what this means for the average small business owner with a website.

Read on for a simple overview of what is required if you are a small business owner. If you want to delve deeper, at the end of this article you’ll find some links to more in depth articles about how GDP affects you.


The new General Data Protection Regulations exist to give EU citizens control of their digital data. It does this by forcing businesses to be clear about what personal data they collect and when; how it is used; how citizens can view the information held about them and how they can request for it to be deleted.

How does this affect your business website?

In practical terms, for most of the clients that we work with here at Utama Studio, GDPR compliance tends to involve the following:

Updating website forms

Ensuring that any forms that collect information about someone obtain explicit consent for this information to be collected and stored.

This includes:

  • Contact forms
  • Payment forms
  • Application forms
  • Mailing list optins
  • Registration pages
  • Any other forms that collect information that will be stored

Privacy policy

Ensuring website privacy policies are up to date and that they disclose all the ways users’ information is collected and used.


Adding a cookies policy info bar that is present when people arrive on the website. The bar should require an action that implies consent for collecting cookies.

Minimum data collection

This means ensuring websites only collect the minimum data required across any forms. In other words, if there is no good reason to collect a piece of information, don’t!


This means asking people on your mailing list to confirm that they wish to remain on it.


For most small business owners the aforementioned should be sufficient to comply with GDPR. Your webmaster or designer will be able to advise you about any specific amendments you need to make for your website. If you’d like Utama Studio to check your business website over and ensure GDPR compliance, feel free to get in touch.

Further information

Of course we’re not lawyers and this does not constitute legal advice! If you’d like to learn more, I’d recommend reading the following articles for a more detailed exploration of GDPR.

Latest posts