Do you know what personal data you are storing and where it is stored? Do you have a policy for managing this data?
The deadline for being compliant with the new GDPR legislation is the 25th May 2018. From discussions with a lot of our clients this is something that is confusing, a little scary and something they are struggling with. There are a variety of experts out there with a variety of opinions, largely because the legislation has not yet been tested in practice and the guidance is developing on a constant basis.
Well it appears there are two terms to describe people or businesses who hold data, a Data Controller and a Data Processor. Luckily for us at Sokada we are both… perfect!
This has meant extra work for us as we have had to update our Terms & Conditions, which all of our clients will now have to sign, agreeing that they will comply with our GDPR policy and are managing their data properly.
In the past we have had a EU Cookie law which seemed almost as useful as an overly bent cucumber or chocolate that isn’t chocolate… EU law for the sake of it. But GDPR seems to be much more detailed. We are not sure how they will ever police many of the issues, but it has to be taken seriously. It’s also VERY important that we manage personal data properly.
Firstly, sit down and work out the many different ways you process personal data, this includes, customers, employees, consultants, and suppliers. We have been looking at this from a website point of view as that’s one of the key areas where we process data.
Here are a few things to consider:
Yes we know they are pretty obvious, but one thing we discovered is that a lot of our clients don’t really use the CMS (Content Management System) on their website. What our clients didn’t know was that when someone completes an enquiry form it stores a copy of that form online in the CMS. The same goes for online orders from the shops we manage. The client receives an email when an enquiry or order is placed and they just assume that is it. Even though we go over the CMS with them when we launch the site and have trained them in how to use it.
So, many customers are storing customers data in places they weren’t aware of. If this is you…. you will need to think about how you will be managing this data under GDPR?
At Sokada we build our clients’ websites using WordPress in the same way that we designed our own website; we use very similar systems. We should be processing similar data and have the same issues. We have been trying to look at GDPR in a practical way that will enable us to help our clients.
Your GDPR policy is not set in stone, it must develop as your business does, diversifying and growing alongside it.
Sokada is committed to managing its way through the minefield that is GDPR and we are supporting our clients to achieve the same.