GDPR – Are you ready?

The new EU data protection law is fast approaching, yet a lot of us are still unsure how it affects us. If you’re an SME and are yet to act, here are some key points to push you in the right direction:

Data mapping – Know what data you are keeping

The first step when tackling GDPR is to map out what data you keep. Grab a pen and note down all the places where customer and employee data is stored, and who and which programs (such as CRM systems) have access to it.

Privacy policy – Let your clients and employees know

In your terms and regulations, set out what client data you keep on file and for how long. Note that if you use third-party vendors and need to pass on customer data, this should be included in your terms. For example, if you use a courier to send out goods, the customer’s address will be passed to the vendor. It goes without saying that this is an essential procedure for completing your contract of sale, and you should be covered if it’s within your terms and conditions. The same applies to your employees: review the contracts of employment and make sure you are covered for the data you hold on them and for any checks you may do, such as email monitoring, CRV checks, or social media activity monitoring.

Security agreements – Know that your vendors are covered

Just as you need to protect yourself, you need to be sure the vendors you use are covered too. Obtain a copy of their data protection agreements to make sure they are compliant.

Data retention – Procedure for the removal of data

Data should not be kept indefinitely. Formulate a procedure for the removal of data that has surpassed your retention policy. Note that the legal requirements for duration will vary depending on what data you hold.

Email marketing – Consent

This is a big subject: there are a lot of ways the GDPR relates to how you obtain data and how it can be used. I won’t be going into detail at this time, but I have 2 essential points for you to look at:

  • Always have an ‘opt-out’ option on any marketing flyer or email.
  • If you obtain a personal email address, e.g. rob@mycompany.com, request that they ‘opt in’ to receive newsletters before adding them to a mailing list.

Brexit – Will we still have to comply with GDPR after we leave?

Yes. GDPR is an EU requirement; however, even after Brexit, GDPR will still be applicable, as we will still have to deal with the EU.

I hope you found these basic tips useful. GDPR is essentially about transparency and accountability for the data you hold.
