07/02/2018

GDPR – what you need to record

Hopefully, by now you are aware of the ramifications that failure to comply with the May 2018 deadline for the General Data Protection Regulation could have on your business. But what happens when the inspectors come knocking?  What do you have to prove to show you aren’t breaking the rules?

GDPR for marketing

GDPR covers all areas of business.  How you use data for marketing purposes is a key element of this, and this is where we are focusing our advice.  For many companies, a central plank of their marketing will be their database of existing clients and prospects; we’ve written a separate blog on how to make sure this meets the requirements of the new Regulation.

For advice on other areas of GDPR compliance, please see our recommended advisors at the bottom of this blog. 

Organisational contact details

To be compliant, your record needs to show that you have a data protection policy in place: that you have thought through how personal data is being used in your organisation (the purpose for retaining the data), how it is being stored and whose responsibility all of this is.  So, the first thing your record needs to have is the contact details of responsible people within your organisation.

Who these are will depend on the size of your business and your location, but might include:

  • The name of your organisation and central contact details, such as address and switchboard number
  • The data controller (the person who states how and why personal data is processed)
  • The data processor (the person who is doing the actual processing of the data; this could be an in-house team, but could also be your IT supplier or website hosting company)
  • The EU representative (if the controller is not based in the EU)

Demonstrating your data policy

There will always be data breaches – that’s a fact of the digital age.  But you will have a much better defence – should the worst happen – if you can demonstrate that you have proactively developed a policy to keep retained data to a minimum, that you only use it for legitimate reasons and that you have adequate security processes in place.  

You therefore need to have a record of:

  • The purposes of your processing
  • A description of the categories of individuals on the database (e.g. whether they are a customer or prospect)
  • The categories of recipients of personal data (who has access to the database; this could be by job title, e.g. ‘sales team’)
  • A description of your security measures to combat data breaches
  • Records of consent (see below)

Demonstrating that your database is compliant

As well as demonstrating your data protection policy, you also need to evidence that your database itself complies with GDPR.  This means keeping a record for each contact of what they have agreed to (the purposes for which they have agreed you can hold their data, e.g. direct marketing, third-party marketing) and when they agreed to it.

What’s more, you will have to ask your contacts at regular intervals if they are happy to stay on your database (annually will normally be sufficient), so your records also need to show the dates of subsequent consents and, again, exactly what they agreed to. 

You will need to supply this in an electronic form.  An Excel spreadsheet will suffice; if you have a CRM system or use a package such as MailChimp, you may be able to generate this automatically through the software (your provider should be making sure they are offering you the necessary facilities to meet GDPR requirements).

Failing to comply with GDPR could be incredibly destructive to your business, so don’t leave any stone unturned.

Read our previous blogs on the GDPR in relation to marketing:

What you need to know about the General Data Protection Regulation

GDPR – making your current database compliant

GDPR – the costs of getting it wrong

For advice on other areas of GDPR compliance, please email our recommended advisor: graeme.dykes@summit-management.co.uk

To find out more about how Sharp Minds Communications can help with your marketing, email communications@sharpminds.agency
