Technology in the modern world has created numerous marketing openings that businesses whether small or large can utilize to see their products. Small businesses can connect directly with more potential customers and precisely know the means to target them and segment the market. Marketing practices such as use of internet has enabled many businesses to succeed, which could not be the case in the analog era. The current business literature supports that internet marketing is a vital aspect included in the formulation of market strategies to increase the product awareness. Online marketing has the ability to initiate the growth of SMEs to limited corporations and companies when used effectively. Nevertheless, with all the benefits that come with digital marketing, online risks may emerge and lead to negative impacts to business and its customers.

Online marketing practices involve harvesting of a wide pool of customers’ data from the internet and using the information to conduct business transactions with the customers. The data may fall into wrong hands if not handled properly thus endangering the disclosure of the customers’ private information. After several researches done by the European (EU), the commission formed strict regulations on the use of the information retrieved online to prevent mistakes or mishandling of customers’ private data. The General Data Protection Regulations (GDPR) were established in Europe with a major aim of protecting the citizens from the breach of private data since the present world is driven by data due to improved digital technology. The regulations were activated from May 2018 and subjected to all business organizations that seek to get information of customers for the purpose of selling their goods or services online (Simberkoff, 2018). The businesses have to comply with the conditions under the regulations or suffer the consequences. Some of them include; that the business will protect customer information or pay fine, the business must request for the customer’ consent before using the data in marketing.

SMEs view the conditions as a challenge with the possibility of disrupting their business designs by complying with the GDPR rules. This essay looks into GDPR application to SMEs, the pressure that arises between GDPR and online principles of marketing, and SMEs possible reactions to continue with marketing interactions with customers.

General Data Protection Regulations

The effect of GDPR on marketing operations of small businesses can be understood by first understanding GDPR functions. The Information Commissioner’s office in the United Kingdom (UK) is an independent body that regulates GDPR. Its mission is to support the rights of information in the interest of the public to promote transparency by public organizations and individuals’ data protection. The ICO monitors how data is handled both in private and public institutions to maintain privacy rights of citizens (ICO, 2018b). Hence, its important role in marketing practices is to ensure that all the businesses that operate in UK adhere to the guidelines of GDPR. It also promotes and maintains the compliance of specific laws in the UK that relates to data protection such as Data Protection Act (DPA).

The DPA is not very different from GDPR because it focuses to expound only on some gaps that can be seen in some legislations. Businesses that already conforms to DPA regulations find it easy to comply with GDPR. However, new aspects and important developments made should be followed to do the same things but in a different way. GDPR, DPA, and UK legislation aim to protect the citizen’s personal information. The principles of openness, risk minimization, respect of individual rights, fairness, and security applies to all of them. All organizations are expected to obey each of the rules to enhance privacy of the data collected.

According to GDPR, business organizations that handle different types of data that relate to any citizen should use the information safely and securely and ask for the individual’s consent before holding the data since people have the power over their own information. For instance, they can withdraw their consent whenever they want to and the respective organization has to accept the person’s decision. Research says that nearly every person that is identified as the UK citizen has data relations with several government organizations such as insurance codes and individual licenses (Vanberg & Ünver, 2017).  An example of person-organization data interaction may be that a customer purchased a particular product online in the past years and the person unknowingly accepted the marketing terms and conditions to the organization’s marketing data archive. GDPR forces such organizations to request for permission from the customer who never contacted the organization since the transaction was done. Failure to look for clear consumer consent leads to punitive fines to the organizations that fail to implement the regulatory guideline. Organizations such as the National Health Service (NHS) are exempted to practice GDPR rules because the regulation authority believe that they have a valid right to hold the data of different people. The marketing operations of SMEs are disrupted because there is no clarity on the reality of GDPR practices.

GDPR when used as marketing practices safeguards all kinds of people from biases and discrimination in some circumstances such as when a person gets recruited for a job, conducting transactions online, and receiving services together with other activities done online. Businesses that follow the regulations are defended by GDPR from the risks of data protection to ensure that their customers’ data is handled well, processed, and stored for safety purposes. All organizations must have an appointed DPO (Data Protection Officer) to oversee the methods that businesses use to protect data and report to the relevant authorities for compliance.

Social Media Marketing

Most businesses are sharing their information with potential customers on social media platforms such as YouTube, Facebook, and Instagram to achieve their marketing goals. Opportunities are created through the use of internet by organizations to provide many and different goods and services to the market across the world. It is a genuine concern for the SMEs since GDPR limits their freedom of practicing online marketing using specific strategies. Organizations that adopt and practice internet marketing have grown rapidly compared to those that market their products using the manual ways. The reason for businesses expansion through practices of online marketing is data collection from social media potential and actual customers. For instance, creating the target market that is based on their behavior and interests. To achieve the plan, a business keeps track of the behavior of consumers through engaging them in consistent conversations about a product or service and get their responses. The business can also monitor the messages exchanged between two or more people to know the things to improve on. The marketing practice becomes personalized that many organizations record sales increase and attain other marketing goals without much effort.

Research on numerous organizations have revealed that tracking of the customers’ information is an effective marketing strategy that most business consultants advise the marketing department to use to guarantee business success and growth. Firms that deal with adverts are now trailing the views and opinions of customers online despite the increase in software made to block the advertisements. David (2019) states that GDPR intervenes to protect the data of target customers even though the tracking approach increases the sales output. Businesses have a legal right to market their produce on the internet, but the problem sets in when they get customers by following individual communications without informing each customer and getting their consent. The SMEs conclude that many marketing practices that are accepted worldwide are compromised.

Email marketing

All small businesses that have marketed their produce either offline or online use this method to reach a wide pool of customers. Goods and services are advertised through updates, messages, or newsletters. The business identifies the potential and existing consumers and builds their list before emailing them to enhance the firm’s marketing practices. Similar to social media marketing, businesses use email marketing to retrieve customers’ data for the internet and use it to increase the number of sales. After GDPR implementation, SMEs only choose email marketing after meeting certain requirements. For example, they should ensure that the customer agrees to receive the promotional messages and adverts by forming subscription processes that have characteristics of multiple sign-ins and easy ways for opting out. As many marketing departments may consider email marketing to be a long-term marketing approach, they have to include data safety of their customers. They can do so to avoid larger penalties that may lead to closure of the business or incur big losses.

Effects of GDPR

Although the aim of GDPR is to prevent organizations from harvesting unwarranted consumers’ private information, it becomes a major challenge to businesses. The organizations have to change their marketing strategy to new ones to comply with the regulations. It is a big blow to them because it may take a while to generate high profits as when they used the people’s data. The laws and regulations have costed the entire business sector in the sense that all the marketing practices of a business that uses clients’ data have to be erased completely. For instance, GDPR emphasizes on the consent of the customer prior to data usage (Sloane, 2020). The small businesses that established their marketing database of reliable consumers for many years have suffered a huge market loss. They have to go back and convince the customers in exchange for their loyalty and dedication to buy the organization’s products. Some SMEs may rise if the new marketing strategy gets them back to their original position and unfortunately, others embrace the reduced market share, which may lead to decrease of sales impacting negatively to the business.

Some SMEs view GDPR as a burden rather than a benefit to them since the regulations are too much for them to bear with the limited financial resources they have compared to large companies. Based on research done by the European Union (EU), 50% of the SMEs do not comply with GDPR on two regulations that include; recognizing the legal base for using other people’s data and clear activities of data processing described in simple language that can be understood by data subjects. The SMEs that complied explained that they invested more money in GDPR, yet their businesses do not grow to the expected level. The only benefit that GDPR has brought is increasing the level of confidence when handling business data to protect it from security risks.

On the other hand, some SMEs that have accepted to put their effort to implementing the rules of GDPR have gained more customers on online marketing platforms. The businesses have formed their own data protection policies or updated the old ones but still comply with the GDPR regulations. Other risky marketing approaches are considered and tested to maintain the previous customers and include more on the target list. It had improved creativity and innovation in the organization’s marketing departments and encouraged diversity of marketing strategies. Sloane (2020) depicts those small businesses have to carry out their marketing operations looking at wider perspectives in order to survive in the market or risk to fail. They utilize the limited resources they have to meet the requirements of GDPR and still strive to operate normally before the regulations were imposed on them.

Small enterprises require more time to adapt to the new regulations compared to large firms that have sufficient skilled personnel and financial resources to appoint a DPO.  Change involves time to grasp the components proposed for effective implementation of the changes. SMEs rely entirely on their agency partners and legal firms to get the necessary guidance for GDPR compliance. Some organizations decide to reduce the emails they send to people but improve on the marketing content to bring the customers closer and become more interested in what they have to offer. After a period of time, the consumer involvement generates loyalty and attracts many people needed to achieve organization’s vision such as business expansion.

Transparency as one of the GDPR principles is adopted by most SMEs in transforming its online marketing operations. Being open with the customers regarding their information develops trust between the organization and the consumer. Marketing practices can be initiated as a plan on how to target particular audiences can be done effectively through openness. For example, the business gets the individual’s consent to collect and store the data by explaining the purpose of the information (Paunova, 2018). It may be a long process but a useful opportunity for making marketing strategies that are focused with the customer. The organizations offer freedom to the customers to opt-out anytime they feel like. Transparency of data ensures that the business message sent to potential and actual customers is tailored to meet their needs, which lead to consistent customer engagement, high level of trust, and increased chances for business growth.

Based on GDPR rules, customers have been given the right to object or accept the organizations’ request to use their data. Most of them are relieved from the countless emails they frequently receive on their electronic devices. Although the regulation on consent has hit the SMEs focal point in marketing, it has helped to protect customers’ data. Some SMEs that find it difficult to target specific audiences may try to of other marketing strategies such using posters for advertising the organization and its products up to when the clarity of the GDPR function in marketing practice will be clear. Since the regulations are compulsory for all SMEs that have more than 250 persons, it impacts on small enterprises in terms of increased marketing costs. Unfortunately, the costs will continue going high due to new rules that are updated regularly to prevent the occurrence of data security risks. SMEs have no choice but to comply with GDPR and have marketing managers that are able to think outside the box to enhance business growth while considering the potential risks that may arise.


GDPR has invaded the marketing operations of not only major corporate organizations but also the upcoming and medium-sized businesses. Data acts as the pivot in the process of marketing practices where organizations use consumers’ personal data to target more people and increase sales. It could be this reason that led to the formation of GDPR as the privacy law. GDPR affects the data collection procedure in terms of processing that is legally based starting with the aspect of consent. All businesses that conduct digital marketing using social media and emails need the customers’ consent to use their data. SMEs follow the main rule of transparency to maintain customer engagements and improve their experience. It takes a lot of effort to attain marketing goals with GDPR, but it is worthwhile if marketers find the right marketing strategies that are GDPR compliant to enable the organizations to grow. Click here to Place Your Order.


Cauchi David. (2019). How does GDPR affect digital marketing? EU. GDPR Academy. Retrieved from

ICO. 2018b. Direct Marketing Guidance. Retrieved from

Paunova Dimitriya. (2018). How can small businesses overcome the GDPR challenge? Retrieved from

Simberkoff Dana. (2018). GDPR affects small businesses too. CMS Wire. Retrieved from

Sloane Chris. (2020). How will GDPR affect business marketing approaches in the digital age. Metaverse Law. Retrieved from

Vanberg, A & Ünver, M. (2017). The right to data portability in the GDPR and EU competition law: odd couple or dynamic duo? European Journal of Law and Technology, 8(1), pp. 1-7.