Step 1: Current Data Gathering
Go through all of your current customer data and make a clear list of where each set of data is kept and who can access it.
For GDPR compliance, you must have total knowledge of all customer information, whether that’s stored physically or digitally. You need to know who can access each set of customer data, and where all of this information is kept.
Step 2: Current Data Audit
Take a look at the current customer data you have in more detail.
When were you last in touch? What type of explicit consent has been given? Are any data sets purchased lists?
All of these will affect how you achieve GDPR compliance. (We’ll come to these in more detail later in this masterclass course!)
Step 3: Outline Privacy Rules
Draw up a privacy policy that stipulates who can access what level of personal customer data. For example, a third-party courier may only require a name and address, but an accountant may require sensitive financial information.
Step 4: Review Your Consent Procedure
This is a biggie in GDPR. Your customers must now give you explicit consent to be contacted in a certain way. For example, if they specify that they only want to receive emails about their account and nothing from third parties, you’re not allowed to call them about some great new third-party offer.
You must have clear consent procedures in place for GDPR compliance. This could be as simple as a tick box on a flyer given out for promotions that says “I consent to my details being used for marketing purposes with This Company”.
Step 6: Data Breach Policies
What would you do if somebody managed to hack into your database?
You need to have a full plan of action ready in case you think – or know – that customer personal data has been compromised.
This would include clear communication to the customer that their data may have been breached, how they should reset online passwords to their accounts, and any other information pertinent to the breach and your remedy for it.
Step 7: Data Protection Policies
To ensure GDPR compliance, you need to protect data. This means anonymising data where it is more widely accessible (such as for marketing analysis), and encrypting detailed records so that only those who need them can access them.
The fastest way to protect data is to hit the delete button! When conducting your audits, make sure that you’re only keeping essential and relevant information, and only for transactions from the past seven years.
Now you know the basic journey you’ll be taking, keep an eye out for the next emails in this GDPR masterclass to discover in more depth how to achieve full GDPR compliance!
*This email masterclass/blog series has been prepared by instantprint as a condensed summary of GDPR and not as a full comprehensive review. We advise all readers to undertake their own further reading and research into GDPR, including a review of the GDPR guidance set out on the Information Commissioner’s Office’s website.