If you know that GDPR exists but don’t know what to do about it, where to start or how to get what you need set up, then this series of three articles is especially for you. Common-sense GDPR is designed for the owner-operators of small online businesses, where simple and straightforward is a necessity rather than a nice-to-have.
The underlying principle of the Rules of Thumb is straightforward common-sense.
There are specific requirements included in GDPR, but it’s not so much what’s stated as how you apply it to your business in a practical way that works for you. A way that makes sense to you; that you can live and work with. On that basis, the first common-sense principles I’d like to talk you through are:
• what is personal data?
• whose data is it anyway; who does it belong to?
• be open and honest, and
• if you don’t need it, don’t keep it.
So what is personal data?
Personal data is not just names or email addresses; it’s any information that can positively identify a living individual. That doesn’t mean a business, a limited company or an organization, but an actual person, and it could be a combination of all sorts of things, including photographs, IP addresses or a job role in a particular company. All sorts of pieces of information that, when you combine them together, give you the identity of a person.
If you are collecting that sort of information for whatever reason in your business, you need to make sure that you’re following what’s required of you in GDPR.
Whose data is it anyway?
Well, other than your own personal data, it isn’t yours! Everyone owns their own personal data, and your business can’t claim and use someone else’s personal data without the proper lawful basis. “Lawful basis” is one of the terms used in GDPR. What it means, basically, is that there has to be a legal reason for processing the data; having the person’s consent is one example.
Be open and honest.
Transparency, which is what it’s described as in GDPR, is all about saying what you’re going to do with personal data and then doing what you say and not diverging from it.
If you don’t need it, don’t keep it.
Basically, you need to keep as little data as possible. That way your risk is minimized, and if anybody should ask you why you are holding data, such as the Information Commissioner’s Office (the ICO), you can explain.
These four Common-sense GDPR Rules of Thumb are useful markers to bear in mind. Do that, and you will be on your way to improving your business’s compliance.
This is the first article in a series of three – look out for the following two!