When it comes to GDPR, transparency and clarity are the best defence. Be clear on what you’re using, why you are using it, and how you are storing it.

Dos

  • Create a privacy notice that is transparent about who collects the data, how it’s processed and how it’s being used.
  • Publish your privacy notice online and include it in customer contracts or welcome packs.
  • If there is no legitimate use for customer data, delete it, and delete it immediately if a customer requests you to.
  • Data must be easily transferred. Let customers ask for any data stored by you and for any information on how it’s processed.
  • Provide an option to restrict the use of customer data, empower your clients to control how you use their data and let them reuse the data collected by you!
  • Make the process of opting out / unsubscribing easy for the customer and let them know how to do it.
  • Build data privacy and security in by design, and make sure there are safeguards in place for any automated processing of data (profiling).
  • We’re all human; sometimes we make mistakes. Take responsibility for rectifying incorrect information if a customer points it out.

Don’ts

  • Don’t collect sensitive personal data, unless you have a legitimate reason to.
  • Don’t put customer data at risk. Make sure you have agreements in place with third parties, and make sure you are familiar with their privacy policy and their data handling process.
  • Be clear when you’re asking for consent; it should be recorded and treated separately from any other contract. You need to capture OPT IN, not opt out.
  • Even if you only record generic information (such as a customer’s name), let the customer opt out, even though this usually doesn’t require consent.