The General Data Protection Regulation (GDPR) affects most small businesses – including sole traders and freelancers. From May 25th, 2018, rules about the personal data businesses are allowed to keep, how they get the information and how it’s stored will be enforceable, and fines for breaches of the law can be very costly.

The potential amount you could be fined is significantly increasing up to £17million, though this amount is very unlikely to be enforced despite the scaremongering you may have heard.

Does GDPR apply to your VA business?

Almost definitely.

  • Are you working as a freelance VA for clients?
  • Do you have a marketing mailing list?
  • Do you send out e-newsletters?
  • Do you have any kind of spreadsheet, database or software that holds personal details of people living in the UK or EU?

If so, you need to be aware of your obligations under GDPR. You can’t ignore this legislation, and a breach could be expensive.

I’m Lesley Cooley, a BCS qualified Data Protection Officer with over 15 years data protection experience. I’ve created a simple guide for VA's that takes you through the legal minefield of GDPR and tells you simply what YOU need to do.

I guide you through the business basics;

  • How and where the law applies to your business.
  • What changes you must make NOW.
  • When you are a ‘data controller’ or a ‘data processor’ - and what the difference is.
  • How to make sure that your email marketing sticks to the rules.
  • How long you can safely store information.

GDPR and VA's

As a business owner myself looking for guidance about GDPR, I found the information available about GDPR over-complicated and confusing. Small business owners like you and I are busy enough without trying to detangle complicated legal terms and interpret regulations. We need simple, accurate and easy to use information.

So - I’ve stripped out all of the unnecessary jargon and made this training easy to understand and implement. I know you don’t have the time to wade through pages of legal speak so I’ve decoded the law for you and made it easy to find the parts that apply to your VA business.

I’ve created a complete guide that doesn’t just quote the law, it explains what YOU have to do. I explain in simple terms how to implement GDPR into your VA business, what you MUST do now and what will place you in the spotlight and in line for up to a £17m fine.


The training is presented in bite-size chunks and I’ve created a set of documents you can take away and use in your business NOW.

  • OVER 30 ‘How to’ videos.
  • Clearly presented information about GDPR targeted to YOUR small business.
  • Sample documents you can take away and use straight away.
  • Customisable downloads that can be adapted to your own small business.
  • Weekly Q&A Classes.
  • A FREE Facebook Group.

We all know that legislation can change; I’ll also keep a close eye on any updates and news and keep adding useful information.


You can find a sample data protection policy online for £300 – or you can sign up for GDPR Implementation for VA's NOW and receive all of this useful content for £149.

This is a limited time only special offer which will not be repeated.

Buy now and make sure that YOU don’t get caught out by the new data protection rules!

Course Curriculum

  • 1

    Getting started

    • Start here with an introduction

    • Business Basics

  • 2

    Step By Step

    • Step 1 - What is Personal Information

    • Step 2 - Collection Notices

    • Step 2 - Collection Notices - what they should include - download

    • Step 3 - How to do a data audit - video

    • Step 3 - Data Audit spreadsheet

    • Step 4 - Lawful basis for processing

    • Step 5 - Consent

    • Step 6 - Reconsenting your mailing list

    • Step 6 - reconsent Emails samples

    • Step 7 - Legitimate Interests - What is it?

    • Step 7 - Legitimate Interests Checklist

    • Step 7 - Legitimate Interests Assessment

    • Step 8 - Privacy Policy

    • Step 8 - Legitimate Interest Policy for the Website

    • Step 8 - Cookie Policy

    • Step 8 - Off Line Privacy Policy

  • 3

    Marketing and Consent

    • Email Marketing

    • Consent - Do you need it?

    • Collecting Information

    • Website Forms and Documents

  • 4

    What is Personal Information

    • What is Personal Information

    • What is Sensitive Personal Information?

    • Children

  • 5

    Data Processors and Data Controllers

    • Data Processor or Data Controller

    • Data Controller

    • Data Processors

    • Written Agreements

  • 6

    Collecting Information

    • Collecting Information

    • Website forms and Information

    • Lawful Grounds for using Personal Information

  • 7

    The ICO, GDPR and Data Protection Officers

    • Data Protection Officers - Do you need one?

    • The General Data Protection Regulation - GDPR

    • Information Commissioners Office - ICO

  • 8

    Keeping Information Securely and Staying Safe

    • Cloud Storage

    • Record Destruction

    • Countries in the EEA

    • Staying Safe

    • Privacy Impact Assessments

  • 9

    Subject Access Requests

    • Subject Access Requests

  • 10

    What happens when it goes wrong?

    • Breach Notifications

  • 11

    Data Portability, Right to be Forgotten, Right to Object, Profiling

    • Data Portability

    • Right to be Forgotten

    • Right to Object

    • Profiling

  • 12

    Resources - where to find documents

    • Data Audit Spreadsheet

    • Retention Schedule

    • Sample Privacy Policy type 1

    • Data Protection Policy

    • List of Modules

    • Sample Consent email Wording

    • Consent Checklist

    • Privacy Policy Checklist

    • Retention Checklist

Sign up for this course NOW and start the road to GDPR compliance.