GDPR and how to sensibly manage data


We recently caught up with Judith Andrews – Director of Business Tamer, otherwise known as ‘GDPR Guru’, to help outline some of the basics of GDPR and provide some reassurance in how to safely and sensibly manage data within your business.

What is GDPR?

GDPR is the common phrase for data protection in the UK and comes from the introduction of the General Data Protection Regulation in 2018. But it’s not just GDPR – there’s the Data Protection Act 2018 and the Privacy and Electronic Communication Regulations as well. These three together generally cover data protection and use for small businesses.

What does ‘legitimate interest’ mean?

Legitimate interest is one of the 6 lawful bases in the GDPR which can be used to collect, use and store personal information. Briefly:

  1. To use existing personal information with legitimate interest, you must believe that your customers/contacts would reasonably expect you to use their information for that purpose.

  2. It is your responsibility to balance your legitimate interest to use the data against the interests, rights and freedoms of the individual concerned.

  3. It’s a legal requirement to clearly explain your legitimate interests in your privacy notice.

Legitimate interest is the most flexible, but you must document your reasons for using it, keep a record of that process and explain your conclusions clearly to the individuals concerned. 

When can you contact your customers?

You can contact them whenever you like – but no one likes spam! When you first collect personal information from your customers/contacts, whether that’s through a contact form on your website, at an event or in the process of an online sale, you need to inform your customers why you want their information and what you’re going to do with it. So if you want to send weekly emails, tell your customers that’s what you’ll be doing!

Is there a max time frame you can keep someone in your database?

Keeping information depends on your retention policy – this will show that you’ve thought through how long you want to keep information, why you’re going to use it over that period of time, and how it is going to be stored during that time. Every business is unique, and the needs for keeping personal information will be unique as well. There are some statutory reasons for keeping information – for example, to meet tax regulations or employment legislation, but if your business needs to keep information for 10, 20 or 30 years, then you can. But you must make sure you’ve documented the reasons for doing so and also told your customers.

Privacy policies – simple steps for websites to be compliant

Privacy notices or policies don’t just apply to your website – this key document is to inform your customers/contacts why you want their personal information – what information you want, how you’re going to use it and how long you’re going to keep it for. You need to include a number of points such as contact information, your lawful basis, retention period, storage, sharing details, customer rights and finally how to make a complaint to the supervisory authority, the Information Commissioner’s Office. So many privacy notices, especially on websites, get confused about cookies – but there should be a separate policy that covers cookie use on a website. A privacy notice is about personal information use. There’s a great template on the ICO’s website which is free to use.


Written by Judith Andrews

Director of Business Tamer
