Which regulations affect your small business?

Running a small business and trading online? You might not think national and international laws and regulations apply to your situation. Regulations seem like something for big companies – and who’s going to care about your small business anyway? Quite a few people, in fact. In this article we will take a brief look at small business regulations.

Small Business Regulations

Just because you’re small, don’t assume you’re not affected by legislation. You’re less likely to be under the media spotlight if things go wrong, but failing to comply with laws could result in serious penalties that could derail your business.

Every country has its own small business regulations, and online entrepreneurs trading in the European Union, for instance, tend to have to deal with more rules than their North American counterparts. That said, it’s only a question of degree – most countries regulate small online businesses in the ways we look at below:

Payment Card Industry Compliance

Whenever you take payments for your products or services over the internet, you need to ensure that you are compliant with international Payment Card Industry (PCI) standards. If you use any of the traditional online transfer payment methods, such as SWIFT, Stripe or even PayPal, you’ll likely be covered. But make sure you use an accredited and well-known service.

Customer Data Protection

Most countries have various laws covering customer privacy. At a minimum, it’s expected that:

  • You don’t collect any more data than is strictly necessary
  • Customers are made aware when you collect data about them
  • Data is protected in a secure, password-protected environment

You should also know that, as of May 2018, the European Union’s General Data Protection Regulation will be coming into effect, which requires businesses to go even further when protecting customer information. If you collect any kind of confidential information about your customers, you should prepare yourself for this law. Be aware that the GDPR has enormous fines for non-compliance.


If you’re selling any kind of advice over the internet, it’s sensible, and in many countries obligatory, to be covered by professional liability or errors and omissions insurance. If you give advice which is shown to have caused damage to your client – such as them losing money or making a poor decision – this kind of insurance protects you.

Industry-Specific Certificates

If you’re offering medical advice over the internet, you should have a medical certificate. The same goes for other professions such as engineering, law or accountancy.

Terms And Conditions

Online service providers and eCommerce businesses should have a lawyer look through their terms and conditions. When you’re providing training, guidance or any kind of product over the internet, you should provide clients with terms and conditions.

Len is a tech and business writer who covers small business and startup advice and has appeared in many print and digital publications. He lives in London, UK, where he's also a sub editor on a national newspaper. He loves to travel and has lived in France, Spain, Senegal and Rwanda.

How to hire a remote team for your start-up

Utilizing the skills of a remote team can make a lot of sense for your startup. It’s usually a lot cheaper to hire freelancers who work from home, since you save on office space, bills and equipment. You also get access to the best talent anywhere in the world, because your team doesn’t have to live in the same city as you. These are just some of the reasons why start-ups hire a remote team far more than bigger companies.

If you’re looking to build a remote workforce – whether for full-time employees or just to access the skills of a couple of freelancers to fill out your team – the tips below should help.

Where to find them?

Placing ads for remote workers on the big job sites may not pay off – most people using those sites are looking for ‘regular’ jobs. Instead, head to sites like:

  • Flex Jobs
  • Remote OK
  • Skip the Drive
  • We Work Remotely
  • Go Remote

Posting your ad on these sites is usually free, allowing remote workers to find the job. You can also approach freelancers directly by searching for certain skills.

It’s also worth using LinkedIn’s basic search features to find people who may be interested in your remote working position.

What to look for

Now your ad’s live and you have applications coming in, what kind of traits do you want to look for in your new remote employees (besides evidence they have the specific skills you need)?

  • Good written communicator. Your remote employees need to be able to express themselves concisely yet clearly. You don’t want to wade through confusing emails, or deal with someone who offers one-word answers

  • Motivated self-starter. You need to look for evidence that your new employee can manage themselves properly, without being constantly told what to do. If they’ve got remote working experience this might be enough. If not, ask for evidence of times they’ve worked well alone – perhaps during their studies
  • Trustworthy. You need to feel confident that your remote workers will stick to their contract and do the work you expect in the time allotted. When speaking to their previous employers, ask about times they’ve worked alone and their ability to do so

Set clear expectations

In a traditional office environment, it’s much easier to manage people face to face, using body language and verbal requests. Equally, misunderstandings can be cleared up a lot faster.

So, during the recruitment process for remote workers, you need to write job ads that take this into account. You need to make it super clear exactly what is expected of the remote worker – this means you avoid the risk of hiring someone who didn’t understand what you actually needed.

Does the GDPR affect your online business?

On 25th May 2018, the European Union’s General Data Protection Regulation (GDPR) will come into effect. It’s a wide-ranging privacy law, and comes with maximum fines for non-compliance of up to €20 million or 4% of annual turnover.

The new legislation is primarily aimed at keeping big businesses in check, reining in their ability to collect data on millions of people without their consent. It’s also about giving power back to consumers.

But if you’re a small business, don’t just assume you won’t be affected – even if you’re not based in the EU. While it’s true that European countries will be most impacted, the GDPR covers any company that collects personal information about citizens of EU countries.

So, even businesses and freelance consultants in North America could be affected if they collect certain kinds of information.

Say you live in Canada but provide life mentoring services to clients around the world, including customers in Ireland. If you were to record any of those conversations with your Irish clients, or even take notes about them, you may well be affected by the law.

What Does The GDPR Cover?

If you collect personal data on EU citizens, you need to take some extra steps when it comes to the way you manage that information. ‘Personal data’ can mean a lot of things:

  • Name, address, date of birth
  • Gender, sexual orientation, religion, ethnicity
  • Email address
  • IP address
  • Geolocation

Many small businesses might be collecting more of this data than they are aware of. All the information you receive from your customers that you write down or otherwise record – their bank details, information about their jobs or partners, their name and email – all count as personal data.

The regulation takes a softer approach to small businesses, so you’re less likely to be scrutinized. All the same, your business will be affected if:

  • You regularly process personal data
  • You fail to report, within 72 hours of the breach, a data breach where personal data was stolen or exploited
  • You omit to provide information to customers about what you will do with their data
  • You refuse to hand over data you hold on a customer when they request to see it (a ‘subject access request’)
  • You refuse to delete data you hold on a client when asked to (AKA the ‘right to be forgotten’)

How you can get GDPR-ready

Here are some simple steps small businesses can take to become GDPR-ready:

  • Review how you store client information – make sure it’s in a secure, password-protected environment like Dropbox, Google Drive, SharePoint, or even a folder on your computer
  • Write up a policy document which you share with clients explaining what you do with their data. There are many GDPR-ready templates available online to download
  • Share a similar document with your employees
  • Delete any data you hold on customers that you don’t really need

Being GDPR compliant will involve a little work now, but will improve customer trust in the long run, and will also give you confidence that you’re not in violation of any laws.