Every business has a responsibility when it comes to employee and customer data. No matter how large or small, every business is on the hook when it comes to data protection, as one ICO-led fining of two Birmingham-based workers for unlawfully accessing records showed. While not all cases are as egregious in their demonstration of a lax attitude towards data compliance, it’s not necessarily the blatant breaches that can cause a headache for businesses. Building an awareness of exactly what GDPR demands, and embedding it into the everyday running of your digital business, is key.
Records and archiving
Many businesses keep an archive of records and data. This is an important part of the customer retention and customer engagement process; it helps business owners learn about their customer base and make informed business decisions. An email archiving solution is important for GDPR compliance because it allows email data to be stored safely. GDPR-related rules also mandate that certain businesses – such as those in the financial sector – keep hold of transactional records. The key is in learning the relevant regulations, and ascertaining what you do or don’t have the right to keep hold of. A look at the National Archives is instructive. As a public body of record, they have a legislative and ethical need to collect any and all government communications – a role fit for their purpose. You need to establish yours.
The digital footprint is a new worry for the modern internet community. Fintech Times reports that 50% of consumers are scared of losing their data, and even their identity, through their digital footprint. What they contribute to businesses online, and how that data is used, is becoming something of a key factor in choosing where they shop and what services they use. You should adapt to this. This will help your business to stay compliant, and it will reduce your secondary digital footprint – business data used and shared on the web can often contain customer details, and is something that must be protected.
GDPR also provides a range of privacy protections that have been used in perhaps unlikely areas. According to Business Insider, Prince Harry won a substantial payout from newspapers when he was able to argue that, under GDPR, helicopter photographs taken of his estate constituted a major breach of his privacy. This specific situation is, of course, unlikely to come up in your day-to-day business operations, but it reflects an important part of GDPR – consented release of data. You cannot store or receive any data that has not been explicitly granted to you by the customer or the service user – make sure that you are only collecting what you are supposed to.
In essence, GDPR and wider privacy compliance are a matter of care: being careful about what you request from customers, careful about what you store, and careful about what you share. A slow-and-steady approach to the data that helps to enrich you and your customers is the way forward.