We recently published our article “Are you GDPR ready?” which was our research into the world of the new data protection laws. Since then we have been sharing our findings with our clients so they have a better understanding of what is required of them:
2. If you send newsletters there needs to have been clear positive consent, i.e. they must have ticked a box to say they want to receive your emails. This means you will need to adjust your newsletters to include a consent box and you should email everyone on your current list and ask them if they want to remain on your list.
3. You need to be transparent about how you use and store any personal data. You should think about and document how you process personal data and where you store it, i.e. are your client contracts securely stored? This applies to digital & hard copies.
4. You need to show due diligence and make sure that all your staff understand the new laws and also check that your suppliers or any third parties you use are GDPR
5. You are allowed to keep personal data including emails for as long as it is necessary to carry out your work, but emails and files should not be kept for an unnecessarily long time. The safest bet is to delete or shred any data you no longer require.
7. Any data breaches or data loss need to be documented and, depending on the scale, possibly reported to the ICO.
We’d like to say that we are not GDPR specialists. If you would like expert advice then we can recommend https://spheredataprotection.com – they offer training and also supply downloadable tool kits.