GDPR

Hi All

As a small business and as an IT service I need to make a start on my road to GDPR compliance, but....

I've seen lots of ebooks and read some GDPR books, all are so vague they were practically useless. There are GDPR toolkits online for about £500, but cautious about opportunists.....

Anyone got any advice how best to start this since May isn't that far away!

Comments

  • phizzimum
    I’ve only just realised that this is happening next month and I’m feeling overwhelmed. I’ve been trying to wade through the ICO website but I’m not really clear what it is I need to be doing.

    My husband and I run a small business. We have a regular client base and have records of their names, addresses, phone numbers and email addresses on our invoicing program. We don’t have staff but do use subcontractors so we have their contact information and bank details.

    Is it enough for me to put a privacy policy on our website? Do I need to contact our customers to get consent to hold their data?

    How are other people finding this?
    weaving through the chaos...
  • Savvy_Sue
    There's another slightly different thread on it here. However a) you're not the only one going "Eek, it's next month" and b) the ICO says they will take a light touch approach as long as you appear to be trying to meet your obligations.

    I'll ask DH what he thinks about your explicit questions: he's helping some local charities and voluntary organisations so well on top of things from that viewpoint but probably knows the business side as well.
    Signature removed for peace of mind
  • Savvy_Sue
    phizzimum wrote:
    > My husband and I run a small business. We have a regular client base and have records of their names, addresses, phone numbers and email addresses on our invoicing program. We don’t have staff but do use subcontractors so we have their contact information and bank details.
    >
    > Is it enough for me to put a privacy policy on our website? Do I need to contact our customers to get consent to hold their data?
    >
    > How are other people finding this?

    As I expected, DH said "It depends ..." but we're fairly sure a privacy policy isn't going to hack it.

    What is your relationship with your clients - do you supply something regularly, or as and when? Do you ever send out marketing emails? If you do, then you MUST have their explicit consent.

    The subcontractors, I think you'd need their explicit consent to hold their data, although you have a legitimate interest in doing so: they want to be paid, you need to keep their details.

    It's not just about their consent, it's also about how you hold and maintain their data.

    Does your local chamber of commerce have anyone with an interest in this? I've been aware of lots of courses and information sessions aimed at the voluntary sector, although a friend has found conflicting information. Some sessions have been run by local solicitors, and aimed at small business as well as the voluntary sector.

    Does your accountant have any pointers? What about your solicitor, if you've ever had cause to use one?
    Signature removed for peace of mind
  • anmarj
    Yep, started doing this. Worst part is I have to ensure my webhosts fall under this, and I have to contact each one to get confirmation that they comply.

    I joined a group on Facebook run by a data protection lawyer and bought a pack to help me go through everything, and invested in a new portable drive that I can password protect.
  • phizzimum
    I think I need to keep wading through the ICO website
    weaving through the chaos...
  • Savvy_Sue
    edited 10 April 2018 at 6:01PM
    From a thread on the employment board (self-employed person asking GDPR questions):
    Sanne wrote:
    > Do you collect data via the website (e.g. via a contact form)?
    >
    > If so you will need a privacy policy that outlines what you do with the data. This would also lay out if you use things like Google Analytics.
    > Let me know and I can PM you the link to a free template from a solicitor which is great and which you can use as long as you keep the credits in.
    >
    > If you use cookies on your website you will also need a cookies policy - you can buy a template from said solicitor (not too expensive - think around £20) and amend.
    >
    > If neither and the site is just to provide information then you’re fine.

    Sanne wrote:
    > The site is https://docular.net - they have been recommended by our solicitor who also uses the templates from the solicitor behind that site.
    > As there is an editor it is very easy to amend - of course you still need to have an understanding about what you're putting together unless it's a very straightforward case.
    >
    > There are a few free ones for GDPR (specifically the privacy policy) and other purposes.

    Just adding a warning that you need to understand any changes you decide to make to templates such as these: it would be easy to make a change which either wasn't compliant with the letter or spirit of the law, or was just plain wrong. But I speak as a lay person ...
    Signature removed for peace of mind
  • Lukeedwards88
    As a company, are we now able to create "accounts" for those that book with us to manage their bookings? Or will we need permission?
  • [Deleted User]
    As long as you tell them what you are doing with their data, and under what processing basis, yes.

    If it's for a booking, then you would use the basis of delivering against the contract between you and them, so no permission needed.
This discussion has been closed.