GDPR part-3, it’s coming home!

And the final part of our GDPR series.

Back to GDPR

But let’s say the customer knows what they’re getting themselves into. You need to ensure that there’s no ambiguity between that and what they will go on to receive from you.  So going back to the point of making sure the material they downloaded and receiving communication commensurate to it, the two are joined to the hip – you can’t separate them.

Be clear

Again, be crystal clear. If you download this document on how to optimise your website, you may wish to contact the customer as a follow up (providing they’ve consented) on how you might be able to offer a service to expedite this process.  If, subsequently, the customer makes it clear to you they’re not interested, make sure you don’t contact them again about this.  Also, keep every recorded for your own benefit. For example capture the customer consented to being contacted about website optimisation on xx/xx/xx but then opted out on xx/xx/xx.  This leads on to a much wider discussion on having a customer preference centre, but I’ll cover that another day…

Destruction

Finally, we need to talk about destruction.  No, not the end of days – yet. Once the data has become old, unused, redundant, your responsibility doesn’t end.  Over 50% of businesses, for example, did not destroy their paper records securely and confidentially. Yes securely, again, but confidentially are key.  Extending to staff records (71% of businesses), visitor books (86% of businesses) and minutes from meetings (78% of businesses). It seems we’re pretty much doing this COMPLETELY WRONG.  Secure and confidentially, secure and confidentially, secure and confidentially.

Conclusion

And that concludes the personal data food chain.  The topic of GDPR is actually much more vast than what I’ve surmised above. There are subtle but key differences between whether you’re a B2B or B2C organisation but my tip is always go for consent. It’s the safest option, always.  And as mentioned get some legal advice, if only to demonstrate intent.

Oh yes, that leaves breaches, sorry.  So here are some key points deduced from the article.

• 40% of businesses didn’t know loss of paperwork could be a data breach
• 36% of businesses weren’t aware personal data posted, emailed or faxed to the wrong person could be a breach
• 60% didn’t know the ICO have to be notified of data breaches where individual’s rights are affected
• 50% of businesses didn’t know those affected by a data breach must be notified
• 45% of businesses have no insurance to safeguard against cyber or data risks

I’ll end the article with a formula which all of us ideally wish to avoid:

Data breach = Fine worth 4% of your annual revenue

(That’s revenue, not profit)

At Pulse Media Group we provide products and services with a special touch, ranging from multimedia publications, digital marketing, website creation, data, software development and more. And of course GDPR tips!