Happy New Year! Time for GDPR resolution or revolution?
Whichever it is, just make sure it’s achievable…
Another new year. And another good reason to take stock and plan for the next 12 months.
Except this year, we’re going to make sure that what we aim for is not only beneficial to the business, but realistic too.
Gone are the days when we resolve to bring more chocolate to the office (much too easy) or have any left over (far too difficult). Instead, we’re going for something in between that’s very close to home – our own GDPR processes!
Because, even though we’re pretty good at practising what we preach, we know only too well how maintaining good GDPR practice is such a dynamic undertaking, and that there’s always room for improvement.
So, thanks to a few post-festive sherries, we’re now clear on what we need to do, why we want to do it and how we’re going to manage it.
And we’re going to stick to it because we know it’ll make a huge difference.
How about you and your business? Any plans to up your GDPR game?
Whether you’re thinking of minor tweaks or major changes, take a look at some of the suggestions below for a new year GDPR tidy-up…
Make it a happy new GDPR year
Last year saw us celebrate our 5th birthday. It also saw us grow the DBX team.
So, our major focus for 2019 and beyond is to build comprehensive data protection training into all our staff induction and continuing professional development (CPD).
That way, we’re able to both demonstrate accountability and lead from the top (the way it should be) and continue to ensure that everyone in the company understands the importance of respecting people’s data and buys into the ethos surrounding data protection.
We’re not stopping there, though.
Here’s a sneak preview of some of the other things we also have lined up:
- Full check of all systems and processes: Making sure that we still have the right systems and processes in place is a no-brainer, and also ensures that we’re alerted to any gaps or areas that need improving. Having what we need not only keeps everything streamlined and easy, it also prevents any duplication and wastage of resources.
- Ensuring third party providers are in check! It’s very easy to assume that third party providers share the same level of commitment to the GDPR and are in step with your practices. Unfortunately, that’s not always the case! So, we’re going to be contacting all those companies who provide system or marketing services to us to see how things match up – and then take the necessary steps to put them right if we have to (even if that means changing provider).
- Marketing database review and cleanse: Things change all the time in business so we’re going to do an early spring clean of our marketing database to make sure that we’re only keeping in touch with those customers we should be keeping in touch with. That means reviewing and updating marketing permissions from old and existing subscribers and customers, including the types and frequency of marketing they want to receive and, where necessary, removing those who wish to opt out. As well as keeping our customers happy, it also means we’ll be focusing on those that most likely want to work with us.
- Data storage review and cleanse: In business, as well as life, it’s so easy to allow ‘stuff’ to accumulate. So, aside from the fact that holding on to anything and everything you’ve ever come across will guarantee you ace-hoarder status, there are legal parameters on how long you should retain information. For instance:
  - CVs (for non-appointed candidates) = 6 months.
  - Staff files (once left the company) = 7-10 years.
  - Financial data = 6 years.

  In short, we’ll be checking that all our info held is still within its use-by date! Otherwise… (see next point).
- Proper disposal of outdated or obsolete data: Following the above, any data that’s no longer relevant or past its keep date will need to be discarded. However, not discarded in any old way where it may be found and reused, but properly disposed of to prevent this – usually through physical destruction (e.g. shredding, fragmentation of hard drives).
Unsure whether you need a GDPR resolution or revolution?
If only new year resolutions were as easy as giving up something for Lent (“I know,” you muse, “let’s cut back on Brussels sprouts or GDPR compliance…”).
Unfortunately, it’s not that simple.
And sometimes, it can be just as hard to identify not only where you need to focus, but also what to start on and how.
So, if this sounds like you in your business, with no idea whether you need resolution or revolution – or something in between – get in touch.
We won’t exactly turn up laden with gifts from the east, but we will help your GDPR star shine more brightly!
Until next time...