As GDPR Consultants in Buckinghamshire, there have been huge changes since the GDPR has been introduced.
All GDPR Consultants will agree, the new data protection legislation has been with us nearly a year
We have been learning to live with and love GDPR over the past 11 months. Yes its involved some work and adjustment. Yet I think overall its been a great thing for businesses and I don’t mean just mine. Businesses need to protect their personal data. Change is inevitable but usually the result is reviewed processes and improved secure systems. We all need to take care of the personal data that we have, be it client data, employee data and supplier data. This all adds to the trust that all good business relationships are built on.
My business is based on helping clients consider data first. Then adjust their processes to ensure that they consider data by design. But what does that mean?
Let’s look at the following areas of possible data implications:
- Revising your employee application forms
- A new finance or invoicing system
- A new data storage option
- Ways for your clients to authorise documents and sign on line
- A new supplier
- A new client
All of these possible and are the normal part of business development of any company and I expect you have experienced many if not all of them.
But how can they be effected by data?
Let’s take for example, updating your employee application forms.
These are brimming full of personal data, so with GDPR in mind, do you really need to know their height and weight? Any good GDPR Consultant will advise you to only ask for what you use and what you need. It might be nice to know, but if there was a data breach and the health data of your employees was published somewhere.
Could you say that this data was essential for your business?
I advised a client recently to standardise their application forms and not to ask for a covering letter. These are interesting and insightful but are a complete nightmare for too much unorganised and unrequested personal data. Who needs to know that due to my excess height of 6’3″ I can reach awkward shelves but I’m allergic to chlorine?
Unless you need it – don’t ask for it. Consider article 5 of the GDPR, use of data must be lawful, specific, limited and relevant amongst other things.
Data minimisation is key.
Let’s look at one more example, a new client.
Yippee you have a new client. They want hundreds of what you produce, but then you get asked the question. Do you work with a GDPR Consultant for your compliance? Show me your data protection policy and your retention period documentation… arghhhh. Yet its easy enough to incorporate these into your working practices. They also provide a great reference point too for employees and clients alike.
So if any of this rings a bell with you or you just want to check that you’re doing the right thing then speak to a GDPR Consultant.
We are GDPR Consultants based in Buckinghamshire that provide data protection advice to help you on your compliance journey. We have extensive commercial experience and provide practical solutions to help you. We look at your data protection processes and help you avoid expensive and damaging data breaches.
Its simplier than you think!
Get in touch for a free one hour GDPR health check with our GDPR Consultant in Buckinghamshire.