How to adapt & transform a Small Business from disruption – a GDPR case study example

By Julie Choo

Published: June 4, 2018

Last Update: April 28, 2020

__CONFIG_colors_palette__{"active_palette":0,"config":{"colors":{"62516":{"name":"Main Accent","parent":-1}},"gradients":[]},"palettes":[{"name":"Default Palette","value":{"colors":{"62516":{"val":"rgb(19, 114, 211)","hsl":{"h":210,"s":0.83,"l":0.45}}},"gradients":[]}}]}__CONFIG_colors_palette__

Small businesses operating on tight budgets, with limited cashflow and especially start-ups are vulnerable to disruptions of all kinds… from digital technology and eCommerce, which has become known as the Amazon effect, to new regulations imposed such as the introduction of GDPR by the European Union to protect customers’ data, to the lockdowns that have brought many businesses to a standstill imposed by the COVID-19 pandemic.

Most small businesses and their owners can become overwhelmed by the challenges they face, as they fight for their survival, if they don’t know how, where and when to adapt and tune their Operating Models. Yes, Operating Models are not just for big businesses and government institutions or well funded tech start-ups.

Every business big and especially small businesses can develop their Operating Models, to become more agile, to help them cope better, and adapt better and faster, in times of change and uncertainty, even when budgets are tight. It’s about HOW you do it, and making the best of difficult situations, and making the right decisions to prioritize what changes to make in your buisness to achieve business transformation.

What should small businesses focus on? Which capabilities should they prioritize and invest in?

There are 4 priorities capabilities to build an AGILE OPERATING MODEL as detailed in our article on ‘How to shape your business & career with THE STRATEGY JOURNEY Framework’:

  • Digital Infrastructure (or technology application)
  • Data Intelligence
  • Service Design & Innovation
  • Transformation (your ability to manage changes, make decisions and get it write)

But the real question is how do small businesses implement these potentially expensive capabilities on tight budgets?

The best way to explain HOW anything works, especially when it comes to solving a problem in business, is with an example of the process or actions taken and the benefits or outcomes achieved. So let’s explore this with the solution steps we took at Stratability Academy on HOW we as a small business implemented GDPR into our own Operating Model, as well as examples of other companies both big and small that potentially took similar steps.

How did we (the Stratability Academy) use the need to comply with GDPR as an opportunity to improve the capabilities in our business, especially the 4 priority capabilities to build an agile Operating Model and achieve our digital transformation goals? Where are we with this implementation? What benefits have we received or outcomes achieved?


The big day for GDPR compliance was on 25 May 2018, as many companies of all shapes and sizes rushed to update their operations.

GDPR is all about the PROCESS of how a business manages Customer DATA through its Operating Model … in its processes that deliver its business activities, where it is capturing, storing, analyzing, sharing and using data that it collects about it customers – so that should be almost everything that it does.

All the processes and thus capabilities like Sales, Marketing, Customer Servicing, Distribution or Fulfilment, which all formed a significant part of the value chain of an enterprise, are impacted and may have needed to be changed.

And this is why GDPR implementation is the perfect example to showcase how a company build its Agile Operating Model with the 4 priority capabilities.

Enhance and leverage Digital Infrastructure

Cloud technology has removed the big technical challenge of most organizations from the 1980s and 1990s known as Service Oriented Architecture (SOA), which required a lot of investment in technical services and systems infrastructure that even the bigger businesses struggled to invest in. The Cloud has made a global network of digital services available to the masses of small businesses at a fraction of the cost.

Digital services especially Software as a Service (SaSS) applications has helped many smaller businesses to become highly efficient at servicing many hundreds, thousands, and 10s of thousands of customers, or more… It has provided small businesses with quick and relatively cheap access to capabilities which in the past would have required significant amounts of capital to build internally. Capabilities like Sales, Marketing, Customer Servicing, Distribution or Fulfilment, and many more, can now be serviced via apps, and even outsourced. There are apps that provide CRM (Customer Relationship Management) and Sales support, Marketing via automated emails or Social Media Channels, Customer Support routing and tracking, Product Distribution and Delivery tracking … just about anything …

And today, these services are more than just automated services as well, with the aid of more sophisticated technologies such as big data and artificial intelligence (AI), where the machine can learn to think for us and then start to think faster than us … Well, we are not completely there yet … where machines can do everything, especially if its more on the creative side… but that time is fast approaching… as machines continue to learn and improve … But a lot more business activity is possible because of DATA and in how we are using machines to perform more and more of our PROCESSES in our enterprises.

This new kind of digital infrastructure is how many small businesses applied GDPR policies in their business, through implementation of technology and especially SaaS apps in their processes that form their Operating Model. And, if they already had these apps supporting how they operated, then it was the responsibility of the apps to be compliant, and to demonstrate that compliance.

Most small businesses that licensed such SaaS apps to support their Operating Model, were left with minor things to adjust, such as their marketing messages on their opt-in forms where they capture the name and email of their leads, re-writing their privacy statements, adding cookies acceptance popups on their websites…

The largest amount of work was to document relevant processes and specific workflows indicating where compliance measures should be applied and were implemented. Now, we are not sure if many small businesses completing this documentation, but this documentation is what a small business will use if audited to prove its GDPR compliance to the EU regulator.

Documenting your processes has the bigger benefit of illustrating where your business could potentially be more effective and efficient and hence how good is your Operating Model now in the current state versus in the future, or target state. It can help you to identify what to improve and change, especially when combined with your data, which can be analyzed for insights, to help you make better decisions. All the things that make for a successful business.

Of course, at the time prior to the looming May 28th date, many small businesses were still confused on what to do and there was a flurry of offering consulting and advisory services to support them.

In the case of Stratability Academy … as a professional services training company, many of our processes and our entire customer list, so all of our DATA, was impacted by GDPR. It was a lot of work to make the changes in our Operating Model processes which we documented of course, but in documenting our processes, we learned a lot about our business which led us to make further changes.

We read into our data from analyzing our processes, especially on our customers and their behaviors, and this led us to pivot our Business Model, away from consulting services and event-based training workshops to digital services and products based on online courses and online training. In the COVID-19 lockdown, this decision has helped us to save our business, as we are not reliant on revenue from workshops and events that we would not be able to run nor attend.

As well as hitting the airline, travel and hospitality industries very hard, the COVID-19 pandemic has possibly changed the events industry forever, when people are starting to realize that they can use digital channels to do many more things than before, and some events, such as big conferences may no longer be valid in the future of work and learning, as least not in the way that we used to run them.

Our decision at Stratability, to pivot to digital mostly and digital only, where we invested all of our resources to convert everything into this way of operating, prior to the COVID-19 pandemic was perhaps a lucky move, but it led us to transform our Operating Model for the better, and move to better Business Model too for the foreseeable future, post COVID-19 and in the digital economy.

From my initial scan of other global SMEs who offer either SaSS services and/or education or content services online, it appears that many of these enterprises have followed a similar interpretation of GDPR and hence implemented rather similar new processes across their Operating Models to comply with GDPR. Examples include: Kajabi, ActiveCampaign, Convertkit, BusinessOptix …

It appears most larger businesses including Facebook, Amazon, Linkedin, Udemy, HSBC, all too similar approaches too… In the case of HSBC, I can only speak for their online customers and what I witnessed as I examined the workflow online as a customer in May 2018.

And hopefully these companies took the opportunity to also transform their Operating Models from the work they conducted to implement GDPR, as we have at Stratability.

Improve services to customers through data intelligence and service design

With the decision to document our processes and analyze our data to find opportunities to service customers better, Stratabilty Academy actually developed three of the pivotal capabilities in implementing our digital infrastructure with the use of more SaaS apps to automate our processes, added user tracking tools to track users and customers onto our new website to support better data analytics and reporting, and we have improved the design of our courses and the way we train and interact with different course participants digitally.

Transformation is the result of making changes to your Operating Model, especially when you design new services that customers need and want, while being compliant, which you implement in your business’s processes and data.

GDPR pushed us to make changes and led us to achieve our transformation.

Of course, we as many other businesses big and small could have done nothing and ignored GDPR or add bare minimum changes at our own peril. But had we done that, we would not have achieved our successful business and digital transformations.

The lesson learned from this case study example is that you can use GDPR or any other kind of disruption where you have to make changes in your Business, to improve your Operating Model and achieve effective transformation.

Julie Choo

About the author

Julie Choo is lead author of THE STRATEGY JOURNEY book and the founder of STRATABILITY ACADEMY. She speaks regularly at numerous tech, careers and entrepreneur events globally. Julie continues to consult at large Fortune 500 companies, Global Banks and tech start-ups. As a lover of all things strategic, she is a keen Formula One fan who named her dog, Kimi (after Raikkonnen), and follows football - favourite club changes based on where she calls home.

You might also like

Leave a Repl​​​​​y

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
__CONFIG_colors_palette__{"active_palette":0,"config":{"colors":{"62516":{"name":"Main Accent","parent":-1}},"gradients":[]},"palettes":[{"name":"Default Palette","value":{"colors":{"62516":{"val":"rgb(19, 114, 211)","hsl":{"h":210,"s":0.83,"l":0.45}}},"gradients":[]}}]}__CONFIG_colors_palette__