If you are running a business, then the General Data Protection Regulations will be with us on 25th May. This beefs up personal privacy which is good and doesn’t have too much impact on the business, which is also good. GDPR applies to all personal data, whether held electronically or physically. That includes people in a business, such as your suppliers, as well as consumers.
It boils down to:
- having a valid reason to hold data about people, for which you sometimes need their permission;
- Having a data retention and destruction policy;
- Being able to show people what data you hold on them;
- Being able to show you have their positive permission if required;
The main area where you need permission is marketing, so get everyone’s permission for you to send newsletters, etc.
And don’t think only the big boys will be checked out by the ICO: an unhappy customer or disgruntled employee might get you investigated. Lots of your time and money wasted.
Get ready now!