The GDPR (General Data Protection Regulation) comes into force on 25th May 2018. It builds on the data protection legislation that already exists, but with a sting in the tail: hefty fines for non-compliance.
As someone who has always valued data protection, both as an individual and in particular as a business owner, I welcome this new legislation. In that regard, and as an SME, I wasn’t reinventing the wheel when it came to GDPR compliance, but let me take you through the steps I followed.
I did my homework in terms of what GDPR involves. Yes, there were the scary stories, but as I see it, the new regulations are about transparency and respect, qualities that I would like to think are at the core of my business anyway. I also kept track of what I saw other firms and institutions doing. My friend and social media guru Maryrose Lyons of Brightspark Consulting, through her articles, videos and interviews, has cut through a lot of the hype and scare-mongering to focus on the essentials and practical steps we can take. (Thanks Maryrose.)
Legal requirements can scare me, simply because I’m not a solicitor. I did hear some wonderful and again practical talks by solicitors and legal experts, and I adapted their advice to my business.
I’m always grateful when people open, click and read my articles. I can equally appreciate that people may opt to unsubscribe (functionality that has always been part of my newsletters). Many people have been in my marketing database for years, so it is only right that I reach out and re-seek permission to forward my monthly ezine to them.
When potential clients contact me, they forward their name, phone number and email. This information is always treated in the strictest confidence. PreCoaching Questionnaires are used to assist in the preparation for coaching sessions and with Interview Skills coaching, I invite clients to forward a copy of their CV or Application. These documents are essential to providing a quality service, but of course they are deleted and hard copies shredded when the client engagement concludes.
As with most business initiatives, it is important to be proactive, to speak about the steps you are taking. It also sits with the ethos of transparency and respect. For this reason, I made the decision to write this post, not only to take you through the steps I’ve taken to ensure GDPR compliance, but if you are an SME you may find elements of my approach applicable to your business.