On May 25th 2018, how you handle your customers’ data comes under new regulation introduced by the EU to protect its citizens’ rights relating to the storage and use of what is essentially our data.
In theory, if you DON’T interact with citizens from the EU, then you need take no action, but in this global community, it will be difficult to locate that lone French sign-up to your mailing list to whom GDPR DOES apply.
So you need to be prepared…
Overall it’s a good thing for those of us who regularly fill in a form on a website or buy online with our personal details and wonder where they go, but for those of us who do business in the digital space, it requires some extra processes to ensure we’re doing the right thing.
GDPR (General Data Protection Regulation) basically allows you (the customer) to request what information is held on you and what it is needed for, and makes it easy for that data to be removed.
GDPR for the business means that current data protection safeguards need to incorporate the requests that may come in from our customers. So how would a user currently request to remove themselves from your mailing list? Your CRM? Your online store? This needs to be an easy, obvious and presentable process. Failure to provide a coherent plan may result in large fines.
At its most basic level it’s a process. So, a page on your site with a form for requesting the personal information or requesting that it be removed. Then what happens when that form is received? Where is that person’s data? In the site CMS? In your CRM? In your mailing list software? In your inbox? Or in that spreadsheet you left on your desktop?
Just knowing where that data is and that it’s being treated with the proper respect is a good first step. Would you like your email address or real-world address being pinged around the web as an email attachment?
Then, how do we manage that user’s data?
This may include considering length of storage, user access requests, whether it’s up to date, and whether it can be updated as well as deleted.
Every organisation is different in terms of what it needs to hold and how it uses it, so your own process will differ.
The practicalities of everyday life online will be altered greatly if more scrutiny is applied, but as we have recently seen in high-profile news stories, the appetite to give away our data may be on the decline.
Crowd have been working on a typical GDPR framework that will apply to many of our clients and that can be adapted for special cases. We will soon present our recommendations to you, along with the impact this new legislation will have on the way you manage personal data.
Guide to GDPR on ICO (the upholder of information rights for UK citizens)