Are you ready for 25th May? Apparently 62% of you aren’t!
Here’s a brief snapshot …
GDPR is all about giving consumers more control over their personal data. So basically you as a business need to make sure your data collection techniques are simple and clear and that you’ve got explicit consent to use and store their data. Every business that gains data from clients will need to have a rethink about their procedures. If you don’t you could be slammed with a fine.
So what info does GDPR relate to?
Personal data – so basically anything that relates to an identifiable person, it could be names, addresses, HR records, customer lists or even a computer IP address. So even if you’re only using tracking facilities you need to consider how you deal with that information.
What should you be asking yourself?
Do you need all the data you collect?
Do you really know the data you have?
Are you storing it securely?
So what are the key elements you should be considering?
Know your data – What data do you have, where it is coming from and where it is going.
Think about consent – It should be unambiguous, separate and easy to prove. You’ll even have to gain consent from retrospective customers.
Make sure you understand the rights to data access – Individuals will have strengthened rights to access any data held about them and be able to rectify inaccurate data.
Get acquainted with what constitutes a data breach – Put in place a process for flagging breaches, there is a lot to learn so inevitably mistakes may be made along the way to being compliant.
Think about your T&C’s and suppliers – Do your due diligence on suppliers that you share or process data with, you’re responsible for that too!
Ensure your customer facing privacy notices are detailed yet clear – You will need to think about how you write your policies and make them accessible.
Understand whether you need to appoint a data protection officer (DPO) – The majority of businesses with fewer than 250 staff will be exempt but make sure you’re not caught out, double check!
If you’d like any advice on GDPR and how your business can tackle the upcoming changes give us a call on 01904 599500