As a result of the services we offer and by having an online presence on social media and our own website, we gather data on individuals via the world wide web, email, phone, apps and contact forms. This isn’t really anything new and we have always been up to date with regard to data protection regulations, but it’s important to recognise that we now need to be a lot more explicit, even with those things that seem obvious.
How did we deal with GDPR?
The first thing was to review how we used and stored data, from the obvious, such as data captured via contact forms on the website, to the not so obvious, such as customer conversations via WhatsApp or text messages. Pretty much every time we come into contact with someone electronically, data will be captured and may be stored, so it’s important to keep a log of these channels of communication.
Secondly, we made a list of all the places where data is stored: Dropbox, iCloud, our phones, laptops, hard drive backups etc. If someone were to ask us to remove all their data, would we be able to locate it all? So we wrote a procedure describing how we would remove someone’s data from our business and a procedure describing what we would do if data was breached. These aren’t complex documents, just simple notes describing how we would react to data requests and issues.
We also asked ourselves what was the point of having data from years ago that was no longer useful and mostly out of date? We then had a spring clean and deleted data that we had no reason to keep and therefore removed any potential issues with regard to it being breached or us having to identify and log it.
And finally we wrote this blog post and added links to all the relevant pages in the footer of our website. We wanted to make it clear that we are not trying to hide the information in an abandoned corner of our website and that we will continue to look after your data.
There is no shortage of tips, guides and courses, free and paid for, that are available on and offline. We used the Information Commissioner’s Office, “The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.” There is a lot of information to go through but the following 3 documents are a good starting point:
The main thing to understand is that you have to act. You can’t simply copy and paste someone else’s procedures, as they may not cover all aspects of your business; you have to look at data protection in accordance with how you operate. If you have any questions, please get in touch. Fill in the form below, email us, send a direct message on Twitter or call on 07800 901 449.