Well, it seemed to have gone off the boil for a while but it seems to be back! I recently read an article in the Independent where it’s claimed that small business owners are still ‘clueless’ about data protection rules. So how big is this lack of awareness time bomb? Welcome to GDPR part-1!
According to a ‘poll’ of 1,000 small businesses there appears to be confusion on what they should or should not be doing. I’m not professing to be an expert in this area however I do have some understanding. As a result, I’m going to be lazy and decipher the article into meaningful chunks. I hope it might make us, including myself, a bit more aware of the regulation. For any expert(s), please feel free to interject!
So, 50% of SME’s are confused by the rules behind data protection and privacy. There’s tons of guides, tips and checklists out there but for simplicity, I’m going to try and bring down the 50% figure.
Getting the correct processes and procedures in place is therefore very important. As my day job involves me summarising large datasets into smaller, meaningful chunks. I’ve done something similar to my understanding of GDPR. I have already written a post on this in the past however there’s no harm in reiterating.
The journey starts with how you actually capture the data in the first place. Here we’re talking about personal data or data which identifies your customer. If you have a piece of information which can identify your customer e.g. name, then you need to be aware that GDPR directly affects you now. How you obtain that personal data is now under scrutiny. You need to ensure any data you capture has been provided with full consent given. Yes, there’s other criteria aside from consent such as legitimate interest but let’s stop being lazy shall we? Let’s make it crystal clear to the customer what we’re capturing and what we’re going to use it for. More importantly let’s make it clear to the customer that if they don’t agree, they don’t have to provide this information.
To be continued…