It is important that all organisations that deal with personal information comply with the new General Data Protection Regulation (GDPR) that comes into force on 25th May 2018. This includes all sizes of company, sole traders and even voluntary organisations – if you have information that identifies individuals, then this concerns you.
Key elements are:
- storing only the necessary information
- keeping it safe
- letting individuals know how you use, or will use, their information
- not sharing it without permission
- gaining explicit consent from people to promote or market your activities, products or services to them
- responding quickly to questions about what you hold and to requests to be taken off lists
- taking the correct steps quickly if information is lost or unauthorised people get hold of it
- writing down a summary of the information you hold and the steps you have in place to comply with the requirements listed above
This all might seem rather daunting, and also frightening since there can be large fines for not complying.
However, it is really only setting out good practice for how you should treat the individuals with whom your organisation deals. Think of it as a prompt and a set of guidelines for building or enhancing the good reputation of your organisation. Remember the bad news and loss of reputation that others have suffered when they have misused or been careless with personal data.
Moreover, the work necessary can be broken down into simple steps and there are published templates which you can use to write down your plans and to let people know how you are using and safeguarding their information.
We had a long and detailed discussion about GDPR at our MBF meeting on Wednesday 4th April. You can download the presentation and notes by going to the details of past meetings on the MBF meetings page.