GDPR for start-ups

As of 25 May this year, the European General Data Protection Regulation (GDPR) comes into law. This means that businesses will need to have consent from their clients to use and store the personal data they manage.

The law has been brought in to protect consumers but many businesses fear that their entire customer database could be decimated and that they will have to implement costly changes to their processes, privacy procedures and record-keeping if they are to avoid the large fines involved in breaching the rules.

However, for new businesses, GDPR could bring opportunities rather than problems as, for one thing, it could lead to a more meaningful relationship with the customers who opt in with their personal data.

What business owners must remember is that personal data can include data stored anywhere, from a spreadsheet to a mobile phone and not just a marketing database. It can also include personal details way beyond a name and address, from political leanings to ethnicity.

Although businesses with fewer than 250 employees might have more leeway under the rules, the bottom line is that any business that regularly uses personal data and contacts customers must adhere to the GDPR rules.

Firstly, they should understand the information they hold on people, where they hold it and how they obtained it. If the customer did not give explicit permission for the business to hold and use their information, then they must be asked to do so.

Once the database has been ratified, it must be updated at least annually, which will lead to a truly engaged database rather than one that resents the intrusion.

Leave a Reply