What policies and documentation do you need in place to protect yourself against GDPR?

If you do not understand GDPR, your business is at risk.

Understanding GDPR is the first step to ensuring your business is compliant. There are a number of policies that are required to ensure compliance.

What exactly is GDPR?

The General Data Protection Regulation was enacted into UK law through the Data Protection Act in 2018.

The purpose of the GDPR was to give people more transparency about, and autonomy over, how their data is used and shared by companies.

How does it apply to me and my business?

The principles of GDPR all fall under one of five categories: how you as a business collect, store, use, share, and dispose of people’s data.

As a company, you are responsible for all data that moves through your business. You may collect, use, store and share data in a number of different ways for a number of different reasons. Some examples could be:

  • to provide services or goods to a client (fulfil a contract)
  • to share data for other reasons (online systems, IT companies, your accountant)
  • to give access to data to people who might come into your place of business (your cleaner, decorator or visitors)

If your business handles data, you must ensure that every care is taken to protect that data and keep it secure.

Isn’t GDPR just to do with policies?

Although you must ensure that you have all of the relevant processes, procedures and policies in place to adhere to GDPR, this is only the tip of the iceberg.

Having a bespoke, layered privacy policy on your website, for example, is a great step in the right direction towards becoming compliant. But you must consider all elements of your business, and any point at which you collect, store, use, share, and dispose of people’s data.

What is a ‘layered, bespoke policy’?

People must be able to read and understand your privacy policy.

GDPR requires a short notice with key points that also gives access to the full notice. A layered privacy policy allows people to see an easily digestible amount of information, whilst also allowing them to see more detailed information as required.

You must also have recorded proof that the person whose data you are collecting has read, and actively agreed to, your privacy policy (e.g. by ticking a box).

Fail to do this and each individual who has ever filled out a form on your website potentially has a compensation claim against you.

I don’t think I am GDPR compliant, what can I do?

GDPR is sometimes seen as an overwhelming barrier in business, but it doesn’t have to be.

Once you understand GDPR, and how it impacts your business, becoming compliant is not as complicated as you think.

GDPR Peace of Mind

The Data Guardsman software provides a simple, effective online solution that leads you through to full GDPR compliance.

Simply answer the yes/no questions and work your way through the modules at your own pace, implementing the recommendations. This can all be done in-house, without the assistance of any external consultants.

The system contains a bespoke policy builder, plus £1,000s worth of legal documents, all included in the price.

As a business, you cannot afford to ignore GDPR - it is not going away. Take action now to become compliant, and get GDPR peace of mind for just £1,200.

Find out more about GDPR, and how it affects your business, by downloading our free guide below.
