GDPR - What does it mean for your business.
AztecMedia are taking a practical approach with clients around GDPR, which has resulted in 4 key areas of focus. Rather than going straight into data mapping exercises or audits, our clients appreciate our take on what this new data protection code is really trying to achieve.
In addition, the work that you may need to do will depend on the type of business you are, your current compliance under the Data Protection Act and the extent to which you presently handle personal data.
In our view, the essence of Privacy by Design (a key theme under the new Regulation) is a focus on what you’re actually doing in your business, day in, day out and how that fits around these new requirements. For this reason, the one size fits all approach being offered by many ‘experts’ in this field will be irrelevant to many businesses. We therefore work with businesses to understand where they are and to consider how they currently handle data in their business, leading to practical solutions that they can put into place by 25 May 2018 - the date that the GDPR comes into effect.
There are many aspects to GDPR and we are also considering those; however, to start on this journey, our 4 key areas are:
1. Current Client or Customer Data
What do you have? Where is it? Are you intending to use this data for other purposes, such as marketing? Are you training your staff about GDPR? You may have heard many people talking about gaining consent – in fact this approach may not be the right one for your business and potentially damaging to your business! We’re helping business owners to determine the best strategy for them, in handing existing data.
2. Historic Data and Other Information
(from bought-in customer lists, for example) There may not be a sufficiently-strong reason to use old customer information or marketing data that you may acquire; the approach to marketing is therefore changing. Does this fit with your existing marketing plans? Particularly where you are sending e-mail newsletters or similar, for example. An assessment of the value of this information will likely be beneficial to your business and marketing planning, going forward.
3. Communications and Privacy Notices
How do you presently communicate the ways in which you use, for example, client’s contact information? Do you share it with others? Have you confirmed your clients’ preferences about marketing, for example? Positive communications that recognise the impact of GDPR with your users is likely to present a significant competitive advantage over those of your competitors who may not be up to speed with their new obligations.
4. Requests & Challenges
Any failure to deal effectively with a subject access request (SAR), a request seeking information about what you hold on particular individuals within your business - may lead to a breach under GDPR but, in addition, may lead to poor reviews and comment about your business on social media and other online channels – in reality, this could be damaging to your brand and reputation. Do you have a response plan, ensuring that you could meet a SAR promptly? Do you know where all of the relevant data is for each individual with whom you engage and are your staff aware of the significance of such a failure, through appropriate training? Responding efficiently and quickly to any request will show your business in a positive and professional light; a business that takes its data management obligations seriously.
Name: Richard James - Solicitors Title
Office: 01935 385 963
Any updates to your website may need to be made by one of our web developers.
Name: Oliver or Richard
Title: Web Developers - AztecMedia
Office: 01935 477 073