This week our guest blogger is Louise Hickman from Trusted Compliance Solutions. An expert in GDPR, Louise helps businesses to ensure they are confident in their GDPR process, reduce their risk of data breaches and ensure they always remain GDPR compliant.
GDPR – So how is that helpful for my business?
Does it fill you with dread? It really shouldn't. In my experience it's actually a really good law and can help your business, not just with being legal but with being efficient and increasing trust with your clients and employees. Whether you are a small business or a large corporate, the rules are the same.
GDPR is all about common sense and politeness. We are dealing with personal data, so it's things that can identify you as a natural living person. That sounds strange, but it means that you aren't a company and you aren't dead. This could include contact details, photographs and passport details. There is also special category data, which is anything about your body, your beliefs, your race and your sexual preferences.
A fantastic way to become more GDPR compliant is data minimisation. There are lots more areas that need to be covered, but this is a great place to start. So what does that mean for me?
GDPR teaches us to only use the data that we actually need, not the reams of data that we would like to have. It's logical that if you are a counsellor you might need to know a client's religious beliefs to help them, whereas if you were making them a beautiful lampshade you wouldn't need to know. Only have what you need and not from greed.
Data minimisation is a great thing: there is less chance of a breach if you hold less data, and it will cost you less to store and maintain it.
Let’s look at reducing client data:
1. Application forms are a great way of only collecting what you need from a client. Review your application forms if you have them: do you still need all of that data?
2. When did you last speak to that client? You can't keep data forever, so have a data retention schedule. There may be legislation, warranty conditions or industry standards that require you to keep this data for, say, 6 years for HMRC. It might be that a particular client bought a product from you that is now obsolete, or they are no longer running that business. If there has been no contact for an appropriate number of years, then consider deleting their data. It's a great excuse to have a spring clean, but do it securely!
3. You can also anonymise client data and take the useful learnings from it. By looking at it you may discover that your ideal client is female and in the 35-50 age bracket. You can delete the specific, identifiable data but still keep your ideal client in mind for marketing or social media.
There are lots of other ways that GDPR can actually help your business, as well as being a legal requirement. There are data flows, data inventories and your arrangements with data processors to look at too.