I'm sure that, like me, you are starting to see more and more information coming out about the new General Data Protection Regulations, whether that be from email newsletters, blogs (like this one!), Facebook, LinkedIn, etc. I'm not surprised, given that it comes into effect in less than two months, on 25th May 2018. What surprises me, though, is how it all seems quite late in the day to start pushing it. However, it's no doubt been the case that a lot of small businesses have not been aware of it or have stuck their heads in the sand. Or maybe some businesses have fallen foul of Procrastination (a very humorous look inside the mind of a procrastinator... but leave this till the end!).
I probably fall into the combination of all of the above but given I run a Digital Services business, it's important I understand what it's all about. So I've started delving into GDPR to find out more.
The purpose of this post is not to tell you what to do, but rather signpost some useful resources that will help other small businesses understand more about it, if they are affected and what they need to do, from my personal viewpoint. There's a lot of information out there and while I'm not saying you need to be an expert in the field, you should at least know if you are affected.
There are two key changes that I think are being made:
1. People need to explicitly say they are happy for their data to be stored. It's no longer allowable to have things like pre-ticked opt-ins to Newsletters, for example.
In my mind, and again, this is a personal view, the key things for small businesses to ask themselves are:
- Do I store personal information about my customers?
- What information about them do I store?
- Where is it stored?
- Is it stored with a third party such as Mailchimp, Paypal, Google, etc. etc.?
- What are they doing with it and what are their policies?
- If asked by a customer to delete their information, would I know what to do?
- Am I open and clear about what data I store and what I do with it?
I think it is worthwhile for a business to take the time to carry out an audit, answer these questions and even map out a process of some kind so that they are comfortable that they are on top of their data.
There are loads of resources out there and you simply need to do a search on GDPR to find them all. However, below are some links to the resources that I've found that may prove helpful.
https://ico.org.uk/for-organisations/making-data-protection-your-business - a useful self-assessment tool prepared by the ICO to see if your business is affected.
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ - a Guide to the GDPR produced by the ICO. It's a long, chunky read (and I admit, I didn't get all the way through).
https://www.bgateway.com/business-guides/manage-your-business/information-technology/the-eus-general-data-protection-regulation-gdpr-our-six-top-tips - six top tips from Business Gateway. Look out also for seminars being run by your local Business Gateway office.
https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulation - Mailchimp's take on GDPR and what you need to think about.
https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf - another resource from the ICO, this time a PDF on the 12 steps you should take.
As I say, I am not a GDPR expert (there are plenty of people out there who are) and am still finding my way through; however, I hope you found this useful.
Do let me know, and if you feel I can help with this or any other aspect of your Digital communications, get in touch.