How To Guide: GDPR – 3 practical steps for today

There has been so much GDPR information floating around and, having spoken to many different experts and read umpteen blog posts, there are still some grey areas. Even large organisations are waiting to see before they commit to their new policies.

However, the existence of grey areas isn’t a good enough excuse to do nothing. It is really important to think about the data (this includes emails, names, dates of birth and anything else that can identify an individual) you hold, where you hold it, why you hold it and how you are protecting it.

For small businesses, integrity and authenticity are your lifeblood, so now is the time to make sure you are heading in the right direction.

Here are 3 practical things you can do this week to make sure you are achieving the basics.

  1. Consider how you gained the data you hold. At the time you got that data, did you specifically ask those individuals if they wanted to hear from you again? If you are not sure, can’t remember or your business has gone through several different changes, then it is important to clear this up. You have a few choices. You can remove everyone from the list and start again. You can email all your subscribers, explain the situation in clear language and ask them to re-subscribe to your list or they will be taken off it. Finally (and this is for those of you who are quite confident you have been asking people to actively opt into your list of emails), you can simply give your subscribers the option to update their details. All these facilities are available on Mailchimp.
  2. Write a basic Privacy Policy that is published on your website or blog. If you are gathering data of any kind, whether it’s emails for newsletters, emails for people to access your WiFi or details of people who have made enquiries to you, then you need to let people know what you are doing with that data and how you are protecting it. There are lots of templates out there, but head over to the www.ICO.org website to get the right information from the horse’s mouth. The policy can be simple and clear, but it is very important and must also include what you would do in the event of a data breach.
  3. Finally, many of us are holding data with 3rd parties, which we don’t always think of. You may use accounting software which holds details of your customers, or you may use 3rd party booking systems. Although you are not holding that information yourself, it is important to let all your customers know that their information is held on these pieces of software and send them a copy of those 3rd party organisations’ privacy policies. Simply search for their privacy policies and include that information in a specific email to your customers, as well as including them in your privacy policy as described above.

I hope that this has been helpful. Head over to the Facebook group today to ask your questions or start a conversation to support and help each other through this process.

Have a fabulous week!

Emily