When it comes to GDPR, transparency and clarity are the best defence. Be clear on what you’re using, why you are using it, and how you are storing it.
- Create a privacy notice that is transparent about who collects the data, how it’s processed and how it’s being used.
- Publish your privacy notice online and include it in customer contracts or welcome packs.
- If there is no legitimate use for customer data, delete it, and delete it immediately if a customer requests you to.
- Data must be easily transferred. Let customers ask for any data stored by you and for any information on how it’s processed.
- Provide an option to restrict the use of customer data. Empower your clients to control how you use their data and let them reuse the data collected by you!
- Make the process of opting out/unsubscribing easy for the customer and let them know how to do it.
- Have data privacy and security by design and make sure that there are safeguards in place for any automated processing of data (profiling).
- We’re all human; sometimes we make mistakes. Take responsibility for rectifying incorrect information if a customer points it out.
- Don’t collect sensitive personal data, unless you have a legitimate reason to.
- Be clear when you’re asking for consent. It should be recorded and treated separately from any other contract. You need to capture OPT IN, not opt out.
- Even if you record generic information (like customer name), make the customer opt out, even though it usually doesn’t need consent.