Are you a business owner with limited knowledge of the world of data privacy and data protection? Then grab a coffee and take a quick five-minute read of our data protection blog as we point you in the right direction to unravel the world of data privacy!
What is Data Protection/ Data Privacy?
Data protection and data privacy exist to protect people’s personal data from misuse by businesses. There is a set of rules and regulations, set out in UK legislation, which aim to reduce the corruption, theft, misuse and loss of data about individuals. Without these processes and protections, data about individuals would be everywhere and there would be an increased risk of your data being handled inappropriately.
Does GDPR still apply?
Yes! Even though the UK left the EU, the UK has adopted the GDPR regulations into UK law in the form of the Data Protection Act 2018. The same obligations and principles still apply here in the UK.
What does GDPR even mean?!
It stands for General Data Protection Regulation – it’s a piece of legislation that sets out (in detail!) the do’s and don’ts when dealing with people’s data in a business context.
Why should I care?
If you are a business owner, it is a legal requirement to comply with the rules and regulations and to have in place safeguards and systems to protect any personal data you collect about individuals. If you are found to be in breach of the rules then fines could be imposed on your business (by the Information Commissioner’s Office, the “ICO”), and there is even the risk of prison sentences for directors of a company who commit serious breaches.
Oh my goodness, I know nothing…what do I need to do??
Don’t panic. The fact you are reading this blog means you have already taken the first step. Next focus on these issues:
1. Get knowledgeable! Take a good look at the ICO’s website for guidance and information on what your obligations are: www.ico.org.uk
2. If you collect any personal data about individuals (in a business sense), then you MUST register with the ICO as a data controller. This is like a data protection tax and helps fund the work the ICO carries out when investigating data breaches and providing its services on data protection guidance.
3. Put in place robust data sharing practices. Do you need to share any personal data with any third parties? For example, do you have an associate with whom you share data about clients? Do you use a document management system to store your client data? As the person who originally collected the data from the individual, you are responsible for ensuring that any third party with whom you share the data also complies with the data laws. You really should make sure you have something in place (in writing) obliging them to comply with the laws AND to indemnify you in the event something goes wrong. To put it simply, you need to make sure they are on the hook to pay you back any fines you incur as a result of their wrongdoing with respect to the treatment of the data you shared with them. In short, you need either a Data Processing Agreement in place with them or some data processing clauses in your legal agreement with them (if, for example, you already have a services agreement in place).
4. What about marketing? Well, if you are collecting email addresses for marketing then there are other rules to follow (sorry!). If you are simply going to be marketing to people the same types of services/products for which they originally contacted you, then you can do this without the need for a tick box. Just make sure you include information about how to unsubscribe on every communication. If, however, you are doing something different or approaching people who have not contacted you before, then you will need them to tick a box to agree. Also, be aware that you might need them to tick some boxes if you are intending to share their data with other third parties. If you are planning on doing some complicated marketing activities, then seek legal advice on consents / tick boxes.
If you’re still confused and need some help deciphering your specific data protection situation, then get in touch. We can carry out mini audits and help draft privacy policies, data processing agreements, consent tick boxes and cookie wording. Check out the GDPR/Privacy Package we offer here.