If your business collects or stores any kind of personal information about your customers, you need to make sure you are complying with the current rules of the GDPR (the General Data Protection Regulation).
The GDPR (General Data Protection Regulation) is a very large and complicated piece of legislation. I am not a lawyer. The information in this article is absolutely not legal advice and I cannot be held responsible for its accuracy. Details of where to get the appropriate legal information for both the EU and the UK can be found at the end of this article. However, this short article will give you a heads up that you need to make sure your business complies, and that there is now BOTH an EU GDPR and a UK GDPR following the UK's exit from the EU.
It is up to you to make sure that the information you hold on your customers is kept secure, accurate and up to date. When you collect someone’s personal data, you must tell them who you are and how you’ll use their information, including if it’s being shared with other organisations.
You must also tell them that they have the right to:
- See any information you hold about them (the right of access) and have it corrected if it's wrong (the right to rectification)
- Request that their data is deleted (the right to erasure)
- Request that their data is not used for certain purposes (the right to object and the right to restrict processing)
If you control or process any kind of personal data about customers, then your business is impacted by the GDPR rules. This covers everything from the simple collecting of customers' names and addresses, telephone numbers or IP addresses, to the more sensitive keeping of medical information, bank account details etc.
Two key principles
Data protection is not only about protecting your customers from having their data fall into the wrong hands. Two of the key principles are that a business must have an appropriate, lawful basis for processing personal data, and that a business may only collect personal information for a specified purpose…and it may only be used for that purpose!
Most of us who have a small business hold some form of personal information about our customers. It might be just an email address, or a name and postal address, so we all have to ensure we comply. There are very steep fines for those that don't: the EU GDPR allows fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher, and the UK GDPR up to £17.5 million or 4% of worldwide annual turnover.
UK and EU Data protection
Up until the end of the Brexit transition period on 31 December 2020, the UK was subject to the EU GDPR, but since 1 January 2021 the UK has its own UK GDPR (the EU regulation as written into UK law, alongside the Data Protection Act 2018). Note that a UK business that offers goods or services to people in the EU, or monitors their behaviour, may still be subject to the EU GDPR as well as the UK GDPR.
I am NOT an expert on all the legalities of the General Data Protection Regulation for the UK or the EU, so it is up to you as a small business to ensure that your business, website and all data you hold on your customers comply with the relevant regulation for your country.
As today (28 January 2021) is Data Protection Day, I thought I'd just bring this to your attention and give you the relevant links so you can do some research and take any advice that you might need from a qualified legal adviser for your country.
I wrote a more in-depth article about this in January 2020, which was based on the EU regulation, and which you are more than welcome to read.