Gdpr data protection, how are you handling it?

[Deleted account]

£500 is ridiculous. My web designer has quoted me £99 and I'm not getting it done even for that.

 

[johnduffell]

£500 is ridiculous. My web designer has quoted me £99 and I'm not getting it done even for that.

Make sure he/she understands gdpr properly, also it's not really optional if you're operating in the EU and storing or processing personal identifiable information. The UK will continue it even after Brexit, so no escape there.

 

[DC-backfrom the past]

ok the basics of gdpr
I'm not an advisor or qualified in any way re gdpr but this is my understanding .

any personal or private information you have on a person (customer)
this includes names addresses and email phone number.

1. Must be only be kept by you if relevant .. ie tax purposes or warranty details. why would you need someone's date of birth for any work done.
2. It should be held securely with restricted access.ie does your family need access to customer database ?
3. Only be held by you with persons consent, although some legislation may override that (hmrc for tax purposes. etc)
4. If you use the details for marketing you must gain the owners permission to do so first
5. If you have a website which allows an opt in for marketing or sign up online, then you must have the option to opt out online.
6. If you were hacked and the details stolen or copied from your computer or paper documents stolen copied then you should report to the information commissioner without delay.
7. explain to customers why you are holding any information on them.

the business gateway in my area is providing some great advice for free. I would suggest if you have any queries re gdpr that you approach them in your area.

hope this helps in a little way .

 

[Octopus]

^^ you missed one

8. You keep a client database, don't do any marketing, your website doesn't allow clients to leave their details - continue as is.

 

[SparkyChick]

3. Only be held by you with persons consent, although some legislation may override that (hmrc for tax purposes. etc)

There are lots of different types of consent. If the details are held solely for completing contracts, that's implied consent and you don't have to specifically get it.

I looked time periods up and HMRC require records for 6 years.

The complication I see for us, is certificates etc. They last indefinitely. And theoretically someone could request a copy in say 7 years time.

4. If you use the details for marketing you must gain the owners permission to do so first

5. If you have a website which allows an opt in for marketing or sign up online, then you must have the option to opt out online.

These go hand in hand. I used a product called phpList to setup a mailing list server on my website. Created an initial list of subscribers by harvesting all their email addresses from the invoices and then sent them all a mail telling them what I was doing to comply with GDPR etc.

6. If you were hacked and the details stolen or copied from your computer or paper documents stolen copied then you should report to the information commissioner without delay.

I believe you also have to notify the people affected by the hack yourself.

 

[Midwest]

I thought certificates should be stored for a 3 year period, I might be wrong. If you're in a scheme, most operate on-line certification; the onus is on them to store the documents safely & correctly.
One less thing.

 

[Octopus]

I thought certificates should be stored for a 3 year period, I might be wrong. If you're in a scheme, most operate on-line certification; the onus is on them to store the documents safely & correctly.
One less thing.

Absolutely not letting my scam be responsible for my certs

So you change schemes and need access to your older certs - what then?

 

[Midwest]

Absolutely not letting my scam be responsible for my certs

So you change schemes and need access to your older certs - what then?

Fair point, but once you've completed your work and your warranty has expired, why would you need to have reference to them? The customer can obtain a replacement copy for a small fee.

This perhaps shows a change of thought about storage of such information.

 

[Octopus]

FWIW if a customer has lost their cert, I simply email another copy .......but to find it I need the clients address and invoice numbers as I use the same numbers .....

 

[johnduffell]

^^ you missed one

8. You keep a client database, don't do any marketing, your website doesn't allow clients to leave their details - continue as is.

Not quite, you also mustto decide and implement a retention period eg 36 months after the last job. Also you have to let customers know that you will do that and allow them to request their details be deleted in full.

 

[Octopus]

Not quite, you also mustto decide and implement a retention period eg 36 months after the last job. Also you have to let customers know that you will do that and allow them to request their details be deleted in full.

Hum .... I think not

Let's see what the authorities do with all the persistent emailers to stop them ....... Beefier I lose any sleep about this carp

 

[Octopus]

Not quite, you also mustto decide and implement a retention period eg 36 months after the last job. Also you have to let customers know that you will do that and allow them to request their details be deleted in full.

Hum .... I think not

Let's see what the authorities do with all the persistent emailers to stop them ....... Before I lose any sleep about this carp

 

[Midwest]

Correct me if I'm wrong but the current data protection laws already hold a person responsible on how they manage and secure other peoples information. So e.g. if your laptop or device is stolen or lost, and someone manages to ill-use that data because it was not secure, it will be your fault and you may breach that law.

The GDPR just adds to how that date shall be used. Hence a good reason, to use on-line storage and let someone else worry about it.

 

[johnduffell]

Hum .... I think not

I should have preceded that with "if you want to comply with the law after Friday"
You can do what you like personally

 

[Toneyz]

Where is the consumer unit? as if it's out of sight then an additional enclosure is not going to look out of place.