Well, it works for the Boy Scouts, so it can work for GDPR. This post covers how you can prepare for GDPR.
Again, get a tea, grab a notebook and let’s get comfy.
Now is the time to look at all the data you hold and where it is. Make a data audit for your business – use Excel, Word, whatever works but make sure it’s something you can access easily and add to when needed – also password protect this shizzle because this is vital information and you want to keep it safe. Go through all the areas where you collect data, what data you have, how you store it, how you got it and who you share it with.
Once you have this audit, think about centralising all your vital data, so anything that is super important to the running of your business. Excel is good for this as, again, you need to start introducing password protection into your life. I have read that they are making people think carefully about choosing any cloud-based platforms to do this because they can be hacked.
Everyone has rights
They might want to know stuff
Anyone has the right to ask you what information you hold on them, so think about how you would handle this: what you would provide and how long it would take you to supply the information they need. You need to have a procedure in place to handle this type of request.
Age is just a number
It’s really important to think about the user behind the screen. You should make sure you have systems in place to verify people’s ages and, where it is required, to get parental or guardian consent for any data. I bet CBeebies will be looking at this very strongly because of the apps that they have.
There’s been a breach
Plan in advance how you would handle a data breach, i.e. maybe you email someone accidentally who had “opted out” of your list, or maybe they didn’t actually give you consent to sign them up in the first place: you just met at an exhibition one day, took their business card and added them on (naughty). Maybe your data list wasn’t password protected and you’ve been hacked at home and their data could be at risk – think about how you would handle this IF it happened.
It is really important that you read up on the ICO’s code of practice and become familiar with their guidelines and advice.
The next post is all about GDPR, email marketing and the changes to “consent”.