GDPR isn’t going to kill you. But ignoring it will kill your business.
GDPR should ALWAYS be on your radar, it’s not a quick fix thing. It’s about the ongoing management of your data ensuring your business is compliant, so you don’t get yourself into deep water with data fines.
Is GDPR an alien phrase to you? Let’s have a quick tutorial.
What is GDPR?
In plain basic English- General Data Protection Regulation (GDPR) is how you manage personal data. It specifies how you collect, use and protect data.
Why should I care?
Newsflash, ignoring GDPR won’t do you any favours folks. It applies to ALL organisations operating within the EU. That includes businesses outside the EU who deal with those inside it. If you mismanage your data, triggering a personal data breach you can face a hefty fine.
The fines for violating GDPR can max out at €20 million or 4% of global revenue (whichever is higher). And that doesn’t include clients right to claim themselves. So it’s a BIG deal to keep your data protection procedures tight.
Important note: the UK is in a transition period until the end of this year to negotiate a new relationship with the EU. During this period GDPR will continue to apply in the UK.
GDPR basic tips
- Make sure you provide a privacy and cookie policy on your website.
- Make sure online forms have a link to your privacy policy and display relevant disclaimers.
- Be clear and give clients an option to Opt in and Opt out of communications.
- Keep clear records of consent, by date, method and level of consent.
- Make it easy for your clients to update their info with you.
- Make it easy for your clients to request their data is deleted.
- Don’t keep data longer than you need to or ask for data you do not need.
- Have technologies and procedures in place to protect data, including detecting, reporting and investigating any personal data breaches.
- Train your staff on data protection and procedures.
- Make sure you have documented and informed individuals of how you use their personal data in a way that is clear and EASY to understand
Remember we said, GDPR isn’t about quick fixes. Compliance doesn’t stop when you’ve created a new privacy notice or uploaded one online. It’s an ongoing exercise. And don’t forget about keeping the data you have clean, try a data hygiene test.
Why you need a Privacy Policy
GDPR requires you to have a Privacy Policy.
The policy describes the personal data you gather, use, disclose, manage and collect on client’s and why you collect it. It tells users their rights and should also list all third parties data is shared with if applicable.
Did you know… if you collect data on your website, you are legally required to have a link to your privacy policy on your website and your app ( if you have one).
It’s a legal agreement that explains personal information you gather from web visitors, how you use it and keep it safe and secure.
So cover all bases and be upfront and clear about what you’re doing with the data you have.
Bonus tip
If you’re not keeping your data up-to-date you’re losing business – it’s as simple as that. You’re making it so easy for competition to sweep in and steal your clients – you’re not getting that business back, or the referrals that came with it.
