So we’re all happy with what GDPR means, right? But what does it really mean? Is it scare tactics? Can it affect you? It definitely isn’t, and it definitely can. No matter how big or how small your business, if you’re found not to be complying with GDPR, you’re looking at a fine of at least 2% of your annual global turnover.
With recent eye-watering fines issued to the likes of British Airways (€229 million) and Marriott Hotels (€123 million), we thought it might be a good time to give you a rundown of some key ways to make sure you’re not next.
#1 Reach for the sky
If your business already uses cloud services, your data is in a good place. But be sure to treat the cloud like you would your PC desktop; encrypt data and implement any relevant access controls.
#2 Tidy Desk, Tidy Mind
Be organised. The aim here is not to find yourself faced with an access request, but if you were, you’d have 30 days to get that data to the right people; keep all data on customers, suppliers and employees filed so you know exactly where to find it.
#3 Become The Teacher
GDPR shouldn’t be the elephant in the room; be sure to discuss it with your staff. Ensuring you’re compliant can be a team effort, and remaining compliant has to be; develop a company process on personal data handling and plaster it on every notice board, staff room wall and loo door for all to see! This will also go in your favour if the ICO did ask for a chat, demonstrating your attention to data protection and the precautions you have in place.
#4 Are You Sure You Want To Delete This File? YES!
GDPR, rule number… OK, we don’t remember, but it’s just as important as rule number 1: when you’re done with someone’s data, delete it. At the end of any contract or service agreement, you are required to dispose of any personal data unless the law requires you to retain it. This again needs to be common knowledge among your staff, so get it documented and hang another notice board if necessary.
#5 Leave No Grey Areas
When it comes to your mailing list, be sure to upgrade to a double opt-in system. This is pretty easy to implement these days (oddly enough!) and is the simplest way to demonstrate that Mr J. Bloggs was indeed fully aware he was consenting to receive your weekly newsletter as the software will record every ‘I agree’ click.
Similarly, be sure to shout about your T&Cs at your opt-in call-to-action; not only will this score you GDPR points for transparency, but it will also help instil trust with your consumers.
Of course, huge GDPR fines and customer data aren’t the only reasons to keep cyber security at the forefront of your mind; cyber crime is always a risk to any business, whether you hold personal data or not. Learn more here about the cyber security challenges your business could face and how we can help you become Cyber Essentials certified.