GDPR (the changes to the new EU Data Protection Law) is a hot topic right now, with the new rules coming into force on 25 May 2018.

But just how important is GDPR for VAs as business owners?

We simplify what it means for you and run you through the essentials you NEED to know to be ready.


1. We don’t know exactly what it looks like…yet.

What is GDPR going to look like? If only I had a penny for every time someone has asked me this! Firstly, we need to understand what GDPR is…

Wikipedia states:

“The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union.

It also addresses the export of personal data outside the European Union (The EU). The GDPR aims to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

The regulation was adopted in April 2016 and becomes enforceable from 25 May 2018 and, unlike a directive, it does not require national governments to pass any enabling legislation, and is thus directly binding and applicable.”

So, in simple terms for us it means we need to really think about and possibly amend the way that we collect, store, handle and share our data within (and outside of) our businesses to ensure we are compliant.

The reality is that although right now we can make an educated guess about what the new GDPR rules will look like, we can’t know for sure until the announcement is made.  But that doesn’t mean that we can’t begin to prepare with the information we currently have to hand!  GDPR is coming – why wait to be prepared?

2. It is absolutely relevant to you.

The new laws affect every business in the EU that handles data – which means both you AND your clients.  

As a business owner in your own right, you need to ensure that you are up to speed with what the changes are and what you need to put in place or amend around your own processes and systems, and ensure that you are compliant. For VIP VA members and those who meet our criteria, you should find that what you are doing is great and there are few changes to be made. However, if you don’t have robust systems and processes in place, now might be a great time to think about the steps you need to take.

Additionally, if you send out emails and communications on your clients’ behalf, you are the data processor – not your client. This means you are responsible for ensuring that you are only sending to people who have opted in according to the new rules. So you will need to be sure about how those people opted in to your clients’ list and what they consented to their data being used for.

It’s time to roll up your sleeves and get your hands dirty letting your clients know that THEY need to know about this stuff too.

For those of you reading this who aren’t situated within the EU – it may well affect you also.  Do you work with clients who are located in the EU?  Do you use systems or software with servers based in the EU?  Do you have opt-ins online from people outside of the EU?  Don’t be too quick to dismiss this as a problem just for those physically based in the EU – it is likely in some way that this will still affect you.

3. It isn’t just about numbers.

Data isn’t just about numbers or accountancy. As online business owners, ALL we deal with day in, day out is data. So for those thinking that they don’t need to worry about how they process data in their own businesses, you need to think again.

GDPR deals with the way that Personal Data is handled within a business. Personal Data is any information about an individual that can be linked to their identity. This includes (but isn’t limited to): names, DOB, email address, postal address, contact details, telephone number, educational establishments, IP addresses, etc. Have a think about the kinds of personal data that you currently collect and hold in your business and where you hold them…

Is it on your laptop? A cloud storage system? A piece of software? An email marketing application?  Excel files?  You need to be thorough when thinking about where you hold personal data and how secure that data is.

4. It is about consent & transparency.

Now, we’re not saying you can’t collect personal data in your business – indeed in many cases we genuinely need it for the product or service we are offering. However, the key here is ensuring that when you collect that data, you are only collecting the minimum that you need, that you are asking for consent from an individual for you to collect and store their data AND that you are being transparent about how you will be storing and using that data going forward.

For those collecting data through a lead magnet or via a product or service offered, you need to ensure that your opt-in process is robust, with a clear statement letting people know how they can confirm that they wish to be added to your records (or not) and agree to receive periodic communication (or not) etc. Double opt-ins are a great way to ensure you really do have consent to have people on your list.

5. GDPR Trained VAs will earn more – FACT.

We’ve already spoken about how these regulations will affect all businesses located in the EU (and even some that aren’t based in the EU).  It makes absolute sense that after May 2018, VAs who have a great knowledge of how to navigate the waters around GDPR (and can prove it!) will be in high demand.

GDPR aside, business owners rely heavily on their VAs not only to support them with completing tasks and helping to run their businesses, but also to advise on best practice and strategy.  All business owners must be compliant – so who will be their first port of call when starting to figure out what they need to be doing to be compliant with the new rules? 

As with accredited VAs, those who are GDPR trained and compliant themselves will become hugely valuable and sought after, so it is worthwhile getting your head around this stuff early on.

Ok, so what should I be doing now?

They say there is no time like the present, and personally I would rather be proactive and ready than reactive and panicked!  The best thing you can do right now is to look into what data you currently hold, how you handle it and to begin to plan the next steps.  

You can download our FREE GDPR for VAs planner below and get started straight away!


Feeling overwhelmed with the information?  Want a GDPR expert to walk you through EXACTLY what you need to be doing to be compliant?

KoffeeKlatch have a wonderful community and support network on Facebook called Data Protection for VAs in which Annabel and the team walk you step-by-step through what you need to do and when you need to do it.  In the group we are covering off:

  • An audit of the data you hold
  • An explanation of what constitutes ‘data’ and how to secure it and share it appropriately
  • How to handle consent (when the final details are published)
  • What your data protection responsibilities are as a business owner
  • How to handle your own data
  • Where your data is located – do you know where your software keeps it?
  • How to handle clients’ data
  • How to work with your associates and any suppliers in a GDPR compliant way


The group comes with 1 year’s membership to the community and guarantees to share everything you need to do to ensure you are compliant with GDPR regulations when they come in in May 2018.

The great news is that you can be guided here by an expert and have a support community of other VAs in the same position around you – an essential investment in my opinion!