From May 2018, the way businesses and websites collect customer data will need to comply with General Data Protection Regulation (GDPR). The rules are designed to give customers more control over the data they provide, and businesses will need to change some of their processes.
92% of businesses have a “database where they store customer information”, so GDPR can impact both large enterprises and small businesses like yours.
Make Data Visible and Editable
If a customer consents to providing their data, they also need to be able to view, edit, and delete it if they choose. When customers log in to your site with their details, they’ll need to be able to access these functions. If your site doesn’t currently have a login, but you ask for an email address for a newsletter or mailing list, you’ll still need to give users the same options.
Categorise Data Depending on Sensitivity
Basic data includes names, phone numbers, and addresses. More sensitive data includes bank details, information about racial or religious origin, and health records. If your business needs to process sensitive data, the reasons will have to be outlined in your terms of service and be clearly explained to potential customers and site users.
Create Email Opt-Outs
If a customer or potential customer provides you with their email address, they should be able to choose what kind of information they receive, or opt-out of all emails entirely. This requires some extra maintenance, but can be really useful for businesses who want to personalise and segment their content for specific, interested customers.
Encrypt all of Your Data
All personal customer data should be encrypted as a security measure. If the data is breached or stolen, encryption will make it unreadable. Stolen data can damage your business’ reputation and result in financial loss through fines from the Information Commissioner’s Office.
Change Your Understanding of Consent
Over the years, you’ve probably picked up a few customer details along the way. If they didn’t explicitly consent to you using their details in a way that’s GDPR compliant, you either have to delete their details permanently or ask for permission to use them. Data also ‘decays’ over time and some information can be completely out of date within a few months.
Repermission Your Database
Your current database of customer information is unlikely to be GDPR compliant, so you’ll need to ask the data owners for permission to use it. This is another good opportunity for a spring clean, and will make sure the customers you’re marketing to really want to receive your emails. The >way you ask for permission is very important, because it can warm up customers who were previously cooling down. Keep on topic, keep it brief, and keep it compliant.
If you need extra funds to help you get GDPR compliant, Capify can help you raise between £3,500 and £500,000 in finance, depending on your monthly turnover. The application is simple, and you can get a decision within 24 hours.Get A Quote