
How the GDPR can Affect your Business

If your business collects and holds any form of customer data, the General Data Protection Regulation will have an impact on it. Set to come into effect on the 25th of May 2018, this EU regulation aims to streamline and protect the use of customer data as handled and used by the businesses that collect it. Even holding a customer e-mail address on file counts as having their data, and the regulation will also apply retrospectively to data you already possess. As the EU-based GDPR comes into effect in less than a year, UK businesses need to take note: Brexit negotiations may still be underway, so UK businesses will have to adapt to avoid hefty fines for non-compliance. Here are three main points to consider and implement.

Data Transparency
The entire process of data collection, retention and usage must become much more transparent and clear for customers. They will have to specifically opt in (instead of opting out at a later date), must be allowed to opt out at any time, and it has to be made explicitly known to them what their data will be used for. If there is ever a breach of customer data, the affected customers must be notified of it immediately and local data protection authorities must be notified within 72 hours. As you can see, customers must be readily informed about their data at all stages and, from 25th May 2018, must specifically grant you permission to use it in the first place. For any customer data you possess before this comes into effect, you will need to reach out to those customers with the same options to see whether they want to remain on your database(s) or not.


Third Party Notifications
If your customer data is uploaded to and used by other companies for business purposes (e.g. newsletter software lists), these companies also need to be made aware of the GDPR and become compliant with it. Failure to maintain compliance across all of the channels through which your customer data is used could result in your business being hit with fines – anything between 2-4% of your turnover. This is reminiscent of how the Information Office has been known to impose fines on businesses that suffer a hack and have their held customer data and information compromised. It is also clear that, under this impending GDPR, businesses of all sizes will be held accountable and responsible for the customer data that they hold and for its safety.


Appoint a Data Protection Officer
With all of the above points considered, there is a case for adding a dedicated data protection officer to your team of staff. The GDPR includes an FAQ section on its website as well as many recommendations, which may show you how a dedicated staff member may be required to keep abreast of the changes. You could also upskill one or more staff members to ensure your business remains compliant if adding an extra member of staff is not suitable for you in the near future. Whatever path you choose, it makes sense to have at least one member of staff who is knowledgeable in the area of customer data protection and responsible for handling and safeguarding it. The cost of an extra staff member, or of sending an existing staff member for the relevant training, is really a case of short-term pain for long-term gain. The alternative is a fine of up to 4% of your turnover.
