Earlier this week, me and CANDDi’s CEO Tim, were laughing about a call I should have taken care of.
After putting it off for longer than I should have, Tim joked about having to speak to the caller in question himself. He mentioned that as punishment, he’d given them my mobile number.
As most of you know, CANDDi is a pretty laid back business. We can quite freely joke with Tim about our work (or lack of).
So I quipped back with an ‘erm excuse me, what about GDPR?’ I mean for a data business, I thought this was pretty funny.
Of course, Tim didn’t really give my personal data out without consent. But with all jokes aside, it raised an important question within the team.
What do we all actually know about GDPR?
Sadly, statistics show that just under half of businesses have fallen victim to cyber crime in the last year.
With the majority of us resigned to working at home, we can’t say this is surprising. But with the way the world is going, how can we combat digital attacks going forward?
That’s why it’s important to make sure that everyone in your business is aware of GDPR, and what it takes to be GDPR compliant.
This goes for your own operations, as well as any third-parties you might get involved with.
What is GDPR?
GDPR is a privacy regulation that applies to businesses selling and storing people’s personal information.
Personal data is described as any information that could identify that person in question. This could be anything from their name to their bank details.
What happens if I don’t comply?
Not many of us want to actively go against GDPR regulations, unless you’re a bit dodgy of course.
But the world of data and data privacy can be a little confusing, so it’s not surprising that sometimes certain practices can fall through the cracks.
This doesn’t make you a cyber criminal, but you really don’t want to be caught on the wrong side of this one.
Not only will it massively affect your business and reputation, you can also land yourself a hefty fine of anywhere between 2% to 4% of your annual turnover.
So, how do you make sure you stay in line?
How to become GDPR compliant:
1. All members of the organization should know about GDPR
All employees should know what GDPR is and what it means to be compliant. This includes knowing the regulations surrounding collecting, processing, and storing data.
It’s also important to be aware of the consequences should you fail to comply.
We recommend carrying out regular training so your employees can understand their responsibilities. This will greatly reduce the probability of your staff doing something that they shouldn’t.
2. Keep a record of all the data your company acquires
It goes without saying, all of the personal data you hold should be documented. If it helps, set up an inventory so it’s easy to call upon if ever you need to.
You need to know what types of data is held, where it came from, how you collected it and if/ who you shared it with.
3. Make sure it’s backed up legally
If you’re keeping a record of all your data, your company should identify and document the legal basis for all processing activities in the GDPR.
Your privacy notice should also be updated to explain it.
4. Manage consent
When it comes to anything GDPR related, you need to make sure you’re getting consent.
The option for people to agree on data collection, should be specific and explicit. We don’t want any blurred lines!
That’s why it should also be separate from your other terms and conditions. If your website visitors change their minds, it should be as simple to withdraw consent as it was to give it.
5. Worst case scenario
Hopefully with the above steps in place, you shouldn’t need to worry about this one. But if the worst happens, you should have the procedures in place to report, investigate and act upon any breaches in data.
Failure to do so could result in a fine, and you don’t want that.
6. Employ/ Designate a Data Protection Officer (DPO)
Finally, you’ve got a privacy/ data policy in place, you should designate a DPO who will be in charge of data protection compliance.
As it’s such an important topic, it’s important to have someone who is solely responsible for ensuring data protection.
This will minimise any potential slips up and make sure you’re on the right side of GDPR. Phew!
We hope this helps! If you’re interested in CANDDi but are worried about the data protection implications, don’t worry! Website tracking is completely legal.
You can read more about our data protection policies here. If you have any other questions, don’t hesitate to reach out.