The entire process of data collection, retention and usage must become much more transparent and clear for customers. They will have to specifically opt in (instead of opting out at a later date), must be allowed to opt out at any time, and must be told explicitly what their data will be used for. If there is ever a breach of customer data, the affected customers must be notified immediately and local data protection authorities must be notified within 72 hours. As you can see, from 25th May 2018 customers must be kept informed about their data at all stages and must specifically grant you permission to use it in the first place. For any customer data you possess before this comes into effect, you will need to reach out to those customers and offer them the same options, so they can decide whether they want to remain on your database(s) or not.
Third Party Notifications
If your customer data is uploaded to and used by other companies for business purposes (e.g. newsletter software lists), these companies also need to be made aware of the GDPR and become compliant with it. Failure to remain compliant across all of the channels through which your customer data is used could result in your business being hit with fines of anything between 2-4% of your turnover. This is reminiscent of how the Information Office has been known to impose fines on businesses that suffer a hack and have the customer data and information they hold compromised. It is clear too that, under the impending GDPR, businesses of all sizes will be held accountable and responsible for the customer data that they hold and its safety.
Appoint a Data Protection Officer
With all of the above points considered, there is a case for adding a dedicated data protection officer to your team of staff. The GDPR website includes an FAQ section, as well as many recommendations which may show you how a dedicated staff member may be required to keep abreast of the changes. You could also upskill one or more existing staff members to ensure your business remains compliant if adding an extra member of staff is not suitable for you in the near future. Whatever path you choose, it makes sense to have at least one member of staff who is knowledgeable in the area of customer data protection and responsible for handling and safeguarding it. The cost of an extra staff member, or of sending an existing staff member for the relevant training, is really a case of short-term pain for long-term gain. The alternative is a fine of up to 4% of your turnover.