From 25 May, the General Data Protection Regulation (GDPR) comes into play across Europe. The aim is to make sure businesses protect personal data, and give their customers and service users more control over how their information is used. The deadline is coming up, but according to the Federation of Small Businesses (FSB), 33% of businesses haven’t started their preparation, 35% are still in the early stages, and 8% aren’t ready for GDPR at all.
Document the Kind of Data You Process and Why
GDPR requires that you are able to demonstrate the purpose of data collection, where the data is stored, and how you request it. This is to prove you comply with the regulations, but also to reassure site users and explain why they need to give you their data in the first place.
Data should be categorised depending on whether it’s ‘personal data’ or ‘sensitive personal data’. Personal data can be used directly or indirectly to identify someone, such as their name, email address, or location. Sensitive personal data includes genetic and biometric data, and only very specific business types will use this. If your business is one of them, it’s important to seek advice from a Data Protection Officer to make sure you’re compliant.
Make it Easy for Customers to Withdraw their Data
It’s fairly simple to collect an email address and a few details from a customer, but is it simple for them to request that you delete this information? To give people more control over their data, they need to be able to request that you remove all traces of it and receive confirmation that you have done so. This means you need to delete it from your database and from any third-party apps you use (e.g. MailChimp and Shopify), quickly and without discussion.
Keep Updating Your Data Storage and Processing
It’s the website owner’s or business’s responsibility to be diligent and careful with data, so it’s up to you to prevent data breaches. The Information Commissioner’s Office (ICO) regularly investigates and fines businesses responsible for losing data or suffering a breach, regardless of their size. If you’re not sure how secure your business data is, take the ICO’s self-assessment to find out.
Check How Compliant Your Apps and Third Parties Are
Any suppliers, apps, and third-party services you use need to be GDPR compliant too, because it’s likely you’ll be sharing data with them at some point. Many services are publishing their GDPR information and explaining how it will affect their operations, so make sure you seek that information out. If it isn’t available, it’s time to look for an alternative service that is GDPR compliant.
If you’d like to invest in some GDPR training and advice, or if you need to hire a web developer to make the necessary changes to your site, Capify can raise you from £3,500 – £500,000. People use this money for many different purposes, whether that’s to carry out something ambitious, or simply necessary. Get a quote today to find out how much you can raise.