How to prepare for GDPR
8th May 2018
With only a few weeks to go until the GDPR legislation takes effect, it’s likely you’ve noticed companies emailing you in recent months to ask if you’re happy to stay in touch.
This is about them being clear and transparent with you and their online community about what they do with your data and the information they share with you.
As a business owner, you should already be doing the same with your clients while also guaranteeing you will never sell on any customer data you hold to third parties without receiving consent.
But what do you need to have in place before you contact your clients?
Do you need a privacy notice?
Yes, this should be among the very first steps you take to comply with the GDPR.
Your business’s website should have a concise privacy notice that outlines who you are, what you are going to do with your customers’ data and who you will share it with.
You need to ensure that any privacy notice displayed on your website is understandable for all of your clients – and this includes children.
It’s good practice for this to be written in clear language and not contain any technical jargon.
Does privacy differ from data protection?
Data protection focuses on shielding any information that can identify a living person.
This includes, but isn’t limited to: names, dates of birth, email addresses, phone numbers and even IP addresses.
It originates from a perceived right to privacy, which the EU considers to be a fundamental right, and aims to ensure the fair collection, use and storage of personal data.
Do my customers have rights?
Your customers have the right to ask you not to process their personal data for marketing purposes, and they can request to have their details removed from your database.
Include a contact email address in your privacy notice, so any customer can exercise these rights at any time.
What if I suffer a data breach?
You should report a personal data breach to the ICO within 72 hours of recognising it, while also notifying the individuals affected by the breach without delay.
Whether or not you have suffered a personal data breach, you should have robust detection, investigation and reporting procedures in place to help you report any breach to an authority or those affected.
As we stated in our January 2018 blog – are you aware of the GDPR? – we’re learning about this as we go and therefore we do not offer any advice on it, and just hope to raise awareness.