The European General Data Protection Regulation (GDPR) is effective from 25th May 2018. It is relevant to ALL businesses, including the small ones, as every company holds data in some way or form.
The aim of GDPR is to give citizens more control of their personal data, but there has been some confusion around exactly what needs to be done in order to comply and avoid those hefty fines. If you’re a little lost and confused, here are 4 things to start your GDPR journey. Now, I’m not saying this will be it, but at least you’ll be able to get the ball rolling.
Be completely transparent in your policy, offering information about what personal information you hold, where and how you hold it, and what you intend to do with it.
2. Ask newsletter subscribers to consent to receiving newsletters
If you have a newsletter subscription list, ask the people on it to consent to receiving future newsletters. Offer them, in a clear and open way, the choice to either continue receiving communication or opt out.
3. Use a positive opt-in
If customers are opening an account with your business, don’t use pre-ticked boxes or default options. There needs to be clear consent, and consent needs to be kept separate from terms and conditions.
4. Allow all customers to opt in (or out)
You will hold information about each customer who has ordered from your website. Some of these might also be subscribed to your newsletter, but some may not. To avoid missing anyone on your lists, give all customers the opportunity to choose whether you keep the data you hold or remove it, as well as the option to opt in for future contact.
What else do I need to do and where can I find information?
It is likely that there are more things that will need to be taken into consideration and, if I have to be honest, some of these things still don’t make 100% sense to me.
However, I found this great resource to give a little more clarification about the main implications of GDPR: GDPR for Small Businesses. If all else fails, speak to a consultant; I was advised to use GDPR Advisor UK.