Hill

GDPR locate and understand personal data in your business

The solution to dealing with your GDPR challenge is about context. A bit like when you climb a hill. The view you get varies every time you stop and look. Simply, locate and understand personal data in your business. I was talking to Mark Gracey, from Flavourfy, our GDPR guru and partner for explaining all things GDPR. I set him this challenge, “Mark, for busy business people, they do not want another GDPR webinar, seminar or paid for download. They just want to know, what to do. What website page to put up. Forms to write. How to stay legal. Let’s give them a list…”. The good news is, Mark said, “yes, a Privacy Page on your website is one place where you can put your policy and the ICO gives some good examples of this…” We have a link below. The bad news is, the information we store on people can be in a variety of places, environments and situations. Hence the need to communicate a specific privacy policy in those specific situations. It’s about context.

Communicating privacy information

I can do no better than quote directly from the Information Commissioner’s Office, the ICO, website page on this topic which is very helpful and clear,

“You should not necessarily restrict your privacy notice to a single document or page on your website. The term ‘privacy notice’ is often used as a shorthand term, but rather than seeing the task as delivering a single notice it is better to think of it as providing privacy information in a range of ways. All of the information you are giving people about how you are processing their data, taken together, constitutes the privacy information. More here

You can communicate:

  • Orally
  • In writing
  • through signage
  • Electronically

As Mark Gracey says, “If you are at a trade show, for example, and you collect personal information, be clear what you will do with it.”

Some Useful Tools and Templates

Here is the ICO’s Privacy Policy from their website – here.
These Steps to Compliance, on this sheet specifically page 6 are concise and useful – here
Key actions we recommend for small businesses looking to address their GDPR are:

  • Awareness & Training –  review ICO Preparing for GDPR 12 steps to take now here
  • Audit – The key point is where is data stored, where did it come from (data flow). Remove redundant data.
  • Privacy notices in practice – ICO guidance.
  • A lawful basis to process personal information e.g. consent or for contracts – see here
  • Procedures – record your processes similar to ISO or other procedures. If you area Microsoft user they have a portal for this:  aka.ms/compliancemanager
  • Appoint a person responsible for data protection – Data Protection Officer – DPO.

Make GDPR an Opportunity

I think it is an opportunity to get more business. You may groan…The point is that old data should be destroyed, so what is the problem? That will save you time and cost avoiding looking at redundant information. The data you have left in the form of contract information and marketing information should be used to get sales, so put it to use:

  • Contact people with offers, don’t just ask for consent
  • Find out if you have worthwhile data, if not you need more and better
  • Or improve the relationship with a marketing:
    • Blogs
    • Newsletters
    • Events
    • New services
    • New products

These are just ideas…

If GPDR makes us all do more to improve our data, replace it or work better with it, that is good. The solution to dealing with your GDPR challenge is about context. A bit like when you climb a hill. The view you get varies every time you stop and look. Simply, locate and understand personal data in your business.

Peter Eales BA Hons Chartered Marketer FCIM FIDM
Founder Director Dorset Business Angels
MD o i solutions limited

Posted in Blog.