As GDPR ramps up in the UK, expect to receive emails from businesses that hold your ‘personal data’. GDPR is going to be a major shake-up for data holders and affects every business holding as little as a name and phone number.
Here at OHM, Nigel Stevenson is our ICO data officer and is registered to take care of all personal data held within the business. Recently we held meetings with a GDPR consultant to bring our data archive up to date (well, actually it’s already pretty tight).
The main issues are:
- data retention
- data recording
- data archive
As our expert said time and again, you must take ‘reasonable steps’ to protect personal data and have a reason for keeping it. This may affect what data you request: do you really need all of your customers’ personal information? Do you need to keep it in the future? Is the data safe and protected?
For example, you sell a customer a fridge; the fridge is delivered (tel/address) and has a 2-year warranty.
- Do you need to retain that address after 2 years?
- Did you add the customer’s details to a marketing list?
- Have you passed that data on to a third party?
- Have you disposed of the data securely (disposal certificate, see: castlesremovals.co.uk/security-shredding)?
Many businesses like us hold email addresses. We use them to let our clients know what’s happening in the web world, like this news post, but we store a mix of business and personal email accounts. All our email news feeds have an ‘unsubscribe’ and all on the mail list are active clients with an interest in what we have to say. The accounts are stored on an office PC with a password within a secure office. We also use MailChimp to distribute our newsletters; their Privacy Policy is very clear and reassuringly secure, see: mailchimp.com/about/security
Look out for more of these messages.
And here’s how a local golf club is managing its customers’ GDPR, showing ‘reasonable steps’ in action: see video