DIGITAL MARKETING
NIGEL JONES, Co-Founder, The Privacy Compliance Hub
Eight Top Tips: What A Comprehensive Data Protection Compliance Programme Looks Like
It is a programme that embeds compliance into your company and recognises where the risks are likely to come from. The regulator is most likely to get involved with your company if you have a data breach, or an individual makes a complaint. Therefore, have a programme which ensures that such breaches are unlikely to happen and means that individuals are less likely to complain.
Is The GDPR Relevant To Small Companies?
Yes. The GDPR, in effect, applies to all companies, as all companies process personal data (think employee contact details as a minimum). However, certain companies are more at risk than others. In reality, the less personal data a company processes, and the less sensitive that personal data is, the less a company is likely to need to worry about the GDPR. However, companies should think carefully before concluding that they do not process much personal data. Even small companies with employees, a website and a CRM solution are likely to be processing a lot of personal data. Complying with the GDPR will be good for all businesses - it is a matter of customer trust. Today's customers are more concerned about what happens to their personal information. Certain companies will only do business with companies that promise to be GDPR compliant. And finally, for owners of companies looking to sell their businesses in the future, potential buyers will insist on the company being GDPR compliant.
Remember, too, that not all data breaches are caused by big companies like Uber being hacked. More likely is an individual employee losing an unencrypted laptop on a train, or mistakenly sharing a customer list by email. This can happen to any company. That company may have to notify such a breach to the regulator under the GDPR. And no company wants the reputational consequences of such a notification being made public.
How Do I Ensure That My Company Complies With The Law?
In practical terms:
1. Educate your employees as to what data protection means in practice and what they must do to protect personal information in their day-to-day jobs.
2. Know what personal data you process, where you keep it, who you share it with, how long you keep it and what you do with it when you no longer need it.
3. Be transparent with individuals about what you do with their personal information. Have easy-to-understand privacy notices that tell individuals what you do with their personal information.
4. Think carefully about who you share personal information with and ensure that they are bound under contract to protect it.
5. Be ready with responses and a process for responding to requests from individuals in relation to the personal information you hold about them.
6. Keep the personal information you control secure by making sure that you get the simple stuff right, e.g. encrypt laptops, keep the office locked, shred paper rather than putting it in the bin and don't allow sharing of passwords.
7. If personal information you control is being processed outside the EEA (for example, if you use cloud storage, or other solutions hosted in the USA) make sure that you can demonstrate that such information is safe.
8. Ensure that you build privacy into your processes. For example, if you are building a new product, think about how that can be built with the minimum amount of personal data.
In relation to all of the above, keep written records and policies detailing how you comply!
Conclusion
Establish a data protection compliance programme - it will no longer be enough to have a privacy policy on your website, an opt-out check box in your customer sign-up process and some security policies in a cupboard.
The GDPR is an evolution, not a revolution. There are easy steps that you can take now to make your company GDPR compliant. Embed GDPR compliance into your company. Make sure that your employees understand what the GDPR is and why it is important. Let your customers know that you believe strongly in protecting the personal information of individuals. And then be prepared to demonstrate your compliance if anyone ever asks about it, or an accident happens. Think of your brand and your bottom line - customers are more likely to do business with companies that they trust; less likely to do business with companies that seek to confuse them; and stop doing business with companies that are reported to the regulator.
privacycompliancehub.com
41 issue 31 spring 2018