Although you might not initially think that you process personal data, every business does in some way.
- If you have employees, you store and process personal data.
- If you have an enquiry form on your website, you hold and process personal data.
- If you keep customer records, you hold and use personal data.
- If you use Google Analytics, you are handling personal data.
GDPR is about transparency and honesty. It’s about moving away from this ‘cloak and dagger’ world of holding onto personal information.
- What is personal data?
- What personal data do you collect?
- How do you obtain this data?
  - Information given by the individual, e.g. enquiry forms, email subscription
  - Information collected from the individual, e.g. cookies, analytics
  - Information from third parties
- Why do you collect this data?
- Why can you hold this data?
- How long do you keep this data?
- Who uses the data?
- How do we protect your data? E.g. internal systems, secure servers, SSL certificates, a 2-tier password system
- Who do we share your information with?
- What rights do you have?
  - Right to be forgotten, e.g. opt-out methods
  - Right to request copies of information
  - How they can request information