Every business has to be compliant with GDPR
Here are a few tips that may help you to check if you are.
1. Use the Information Commissioner’s Office website
The website ico.gov.uk contains the details of how to be compliant with GDPR. After all, the ICO is the Supervisory Authority for the UK and the body that oversees compliance, so it ought to know. The site is written in plain English and leads you through the process of checking how you are performing against the standard.
The amount of information about GDPR on the site is still increasing, so you should visit it regularly. Everyone should have this site bookmarked!
2. Check you have consent for those marketing emails
You need a lawful basis to process someone's personal data, and consent is only one of those bases. If you are taking orders for your business or processing members' information for your club, you are allowed to do so because you need the data to provide the service: GDPR is not about stopping people doing business. Where you need to be more careful is with the marketing you do, because that is where consent usually has to be affirmative and explicit.
- You will no longer be able to add anyone to your marketing list without their consent, so be especially careful about buying in lists.
- You should confirm that anyone already on your list wants to remain there. GDPR is why you are receiving so many emails at the moment asking you this question.
- No more opt-out clauses or pre-ticked boxes: everything should be an opt-in.
- No more doublespeak: make sure people understand what they are agreeing to. You can't use double or triple negatives that leave everyone confused as to whether they should tick or untick a box.
3. Keep your data secure
Work out what data you are acquiring, what you do with it, where you hold it and when you dispose of it (and how). All personal data should be secure, so you will need to look at all your systems and check that they are protected. Also train yourself and all your staff to act securely all the time.
- Make sure your data is backed up and that the backup actually restores: a backup you have never tested is not a backup. You'd be amazed at the number of times we hear about backups failing, and it is often claimed that most businesses that suffer a total data loss do not survive it.
- Protect your data physically and in the cyber world: lock it up and password-protect it with a strong password. A strong password is long and not easy to guess; mixing different sorts of characters (uppercase, lowercase, numbers and special characters, such as ^£$) helps, but length matters more than any single rule.
- Email securely. Don't send personal data in unencrypted emails; encrypt the attachment or use a secure transfer service instead.
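The point about backups is the one that most often goes wrong in practice, so here is an added example of how to check that a backup really restores. It is not code from the original article; it is a small Python script that creates a gzip tarball of a directory, restores it into a scratch directory, and compares SHA-256 hashes of every restored file against the originals. The sample "customer" files it creates are constructed for the demonstration and contain no real personal data.

```python
"""
Added example (not from the original article): make a backup, then prove it
restores by comparing the SHA-256 digest of every restored file with the
original. The sample files below are constructed for the demo.
"""
from __future__ import annotations

import hashlib
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root: Path) -> Dict[str, str]:
    """Map every file under root (path relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def make_backup(source: Path, archive: Path) -> Dict[str, str]:
    """Write a gzip tarball of source and return the manifest it should restore to."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return manifest(source)


def safe_members(tar: tarfile.TarFile) -> List[tarfile.TarInfo]:
    """Reject archive entries that could write outside the restore directory."""
    members = []
    for m in tar.getmembers():
        parts = Path(m.name).parts
        if Path(m.name).is_absolute() or ".." in parts or m.issym() or m.islnk():
            raise ValueError(f"refusing unsafe archive entry: {m.name}")
        members.append(m)
    return members


def verify_backup(archive: Path, expected: Dict[str, str]) -> List[str]:
    """Restore the archive into a scratch directory and compare it with expected.
    Returns a list of problems; an empty list means the backup restores cleanly."""
    problems: List[str] = []
    with tempfile.TemporaryDirectory() as scratch:
        restore_root = Path(scratch)
        with tarfile.open(archive, "r:gz") as tar:
            tar.extractall(restore_root, members=safe_members(tar))
        restored = manifest(restore_root)
    for rel, digest in expected.items():
        if rel not in restored:
            problems.append(f"missing after restore: {rel}")
        elif restored[rel] != digest:
            problems.append(f"content differs after restore: {rel}")
    for rel in restored:
        if rel not in expected:
            problems.append(f"unexpected file in restore: {rel}")
    return problems


def run_demo() -> Tuple[List[str], List[str]]:
    """Build constructed sample data, back it up, verify it, then change the live
    data and show that the now-stale backup is detected."""
    with tempfile.TemporaryDirectory() as work:
        source = Path(work) / "live"
        (source / "members").mkdir(parents=True)
        (source / "customers.csv").write_text("name,email\nA. Person,a@example.org\n")
        (source / "members" / "roll.txt").write_text("membership roll 2018\n")
        archive = Path(work) / "backup.tar.gz"

        expected = make_backup(source, archive)
        fresh = verify_backup(archive, expected)          # should be []

        (source / "customers.csv").write_text("name,email\nB. Person,b@example.org\n")
        stale = verify_backup(archive, manifest(source))  # should flag customers.csv
    return fresh, stale


if __name__ == "__main__":
    fresh, stale = run_demo()
    print("fresh backup problems:", fresh)
    print("after live data changed:", stale)
```

Run it against your real data directory by calling `make_backup` on a schedule and `verify_backup` immediately afterwards; a non-empty list is the signal that the backup would not have saved you. The `safe_members` check matters when you restore an archive you did not create yourself, because a tarball can contain entries such as `../etc/passwd` that would otherwise be written outside the restore directory.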
It’s all just common sense
Really, it is!
You don’t need to make things complicated for GDPR. It is about running your business safely and securely and not winding up existing or potential customers. Something we should all have been doing all along.