You may have been stressing over how to adjust your business to meet the new requirements of the General Data Protection Regulation (GDPR). Don’t panic: there are a few points that you can adhere to, and we’ll explain how to go about them.
What data do you have?
This all boils down to making sure that the people on your contact list still want you to keep in touch with them. For instance, if you use email marketing, you will need to get full consent from everyone on your list. Along with this, you need to make opting out as easy and clear as possible. Think of this as a way of cleaning out unused addresses and keeping your contact list up to date. This is a positive way of ensuring you keep on top of data that isn’t useful to you anymore.
Where do you get your data?
When you are providing a service for someone, you will not need their consent to contact them or store their information. This is because businesses must keep a record of sales transactions for around 6 years, mainly for tax purposes. However, in other circumstances you require full consent in order to make contact. If you’re collecting email addresses through your website for a newsletter, it is important that consent is made clear.
How do you store your data?
Be mindful of the providers you store your information with and make sure they are compliant. Remember that it is your responsibility to act in accordance with data protection rules. Therefore, if your providers are not compliant, then neither is your business. If you’re storing data yourselves, on laptops or PCs, you must maintain good security practices. This includes using strong passwords and physical security, e.g. locks on doors.
Who do you share your data with?
Finally, the new GDPR guidelines are clamping down on who your data is shared with. You are still allowed to give this information to third parties, but you must make this completely clear to the people giving you their data. Users must know that their data is going to be shared before they give you their consent. It is also imperative that the third parties you’re sharing data with remain in compliance with the new requirements. Be sure to check that you’re only sharing with compliant suppliers.
When Does This Come Into Play?
By May 25th, all companies must be on the way to changing their business to meet the guidelines. This means that you need to have proof that you’re intending to make a transition. As long as you have proof that you are making decisions to comply with GDPR guidelines, you are unlikely to be penalised. If you have already been following good data protection practices, then there won’t be too much for you to do. To read further about the new guidelines you can look here on the ICO website.