GDPR Essentials- A Privacy Notice

Under the GDPR rules that come in this May every business that uses data needs Privacy Notice. This is wider than those Privacy Policies many have on their websites as these just relate to the website itself.

The Changes

Your new Notice must relate to all your data that you use or collect in your business. You must also set out the rights of anyone regarding data you hold on them. This includes the right to ask what personal information is held on them. There are strict rules regarding how such questions must be dealt with.

What you must tell anyone whose data you hold
  1. When you collect information
  2. Why you collect data. You must comply with one of the lawful grounds set out in GDPR.
  3. What data you will collect
What steps you will take to keep their data safe

You must ensure you take adequate steps to keep data safe. This includes security on your computer and website against hacking etc. If manual notes are kept these must be kept in a secure location safe from fire or other destruction and theft. Obviously it would be wise to consider more than one copy for manual information.

What you will do with data you hold

This includes how long you will keep any data and why it will be kept for that period. You must be able to justify the length of time under GDPR. Aside from that you need to keep client records for at least six years so you have them should you receive any claims against you and need to defend yourself. Similarly HMRC may investigate you and you may need to show them exactly what work you carried out with details. Think this all through before removing any data.

Sending Privacy Notice to Subscribers/Clients

You are obliged to send a copy of your GDPR compliant Privacy Notice to anyone whose data you hold and this includes subscribers to your website etc.

There is no need to panic about GDPR. They areĀ  a set of rules designed by government officials to control larger companies with lots of marketing staff who send out material in large annoying quantities. The smaller businesses have just been caught up in all this and will be struggling to run their businesses if they comply with the letter of the new regulations. There will therefore be a period of adjustment when it is decided how the rules will actually affect small businesses in practice so they are still able to function.

Not a cliff edge to fall off or climb.