GDPR and Data Protection?
Personal data is just as important as the skills that you use in your business and the products that you sell. Personal data is anything which does or could identify an individual. If you don’t use (process) any personal data, you probably don’t have a business. To find out more about whether GDPR and data protection apply to your business read here
Here are 3 GDPR Data Protection tips for every small business:
1 Be clear that GDPR/data protection isn’t just about complying with the law
The Data Protection Act 2018 applies to all UK businesses. Yes, if you don’t comply with it, you will be fined or worse. However, data protection is also about maintaining the trust of your clients/customers. When someone buys a service or product from you they expect you to take care of the personal information that they share with you. They place their trust in you. They trust, for example, that you understand
- how important their personal data is and
- how to take care when processing (collecting, using and storing) their personal data.
Think of the loss of faith and disappointment reported in businesses that have failed in data protection, like Facebook in 2018 and 2019 (who were also fined €265 million). Statistics also show that 60% of small businesses close within 6 months of a data breach or cyber-attack.
2 Collect and keep the personal data you actually need and can use
It may sound obvious, but it isn’t always so clear in practice. For example, some businesses might ask for information about someone’s ethnicity or whether they have any disabilities. If this information is integral to supplying your products then of course you need it. If it isn’t, then ask yourself why you are collecting it. If it’s just ‘nice to have’ rather than ‘I need this’ you probably shouldn’t be collecting it.
Keeping as much data as possible may seem to be really valuable to your business. Having good-quality, up-to-date data that you need and use is much better. As forensic accountant and data expert Gregg Thaler once said, “contact data ages like fish, not wine … it gets worse as it gets older, not better.”
Also be clear about how you use that data. Know the data protection rules and don’t, for example, use data for marketing if you haven’t got the right to use it in that way.
3 Work on a process that makes GDPR data protection as easy as possible for your business
We like processes (probably a little too much). It’s because they make it easier to get things right. Compliance is all about
- Saying what you do
- Doing what you say
- Proving it.
Let’s examine that in a bit more detail:
(1) Saying what you do
The best way to do this is by understanding what you need to do and incorporating this in a data protection policy. It will help you to understand and put into practice what you need to do for data protection. It also helps you show everybody else what you do.
(2) Doing what you say
It’s not enough to have a great policy. You need to put that into practice. So, for example, if you say that
(3) Proving it
Sometimes we do things without keeping a record of them. For example, you’ll check that insurances are still in date without recording that check. If someone asks you to prove you’ve done that check you’ll need a record of it. It doesn’t have to be complicated. A quick note that you’ve (your name) checked that insurance was valid on the 10th January 2023 works just as well.
GDPR and Data Protection is important to your business and you need to be clear how to do this. You can make it as easy as possible to comply with data protection, so don’t make it more difficult than it has to be.
Want to know more about GDPR and Data Protection?
If you’d be interested in joining a GDPR webinar, please let us know here
If you need help with data protection look at our Data Protection Toolkit. It combines essential training about data protection with a data protection policy and other documents and support. Learn what you need then use the documents to make it happen.