Even if you’re a small company, it’s highly likely that you’ll receive and process lots of sensitive data from people every day. Whether that’s financial information or something as simple as their name and email address, it’s important you treat each piece of information with care. If you misuse it or let someone else access it without permission, you could face a big fine. Here are some ways to make sure your company is GDPR-complaint.
Own your information
The most important thing when it comes to collecting data is to make sure that only your company has access to that data. While some of the tools you use online to collect data will provide with you with all of the information, it could just be one of several copies. You could find that many popular tools will also keep a copy of all of the information you collect for themselves.
For example, when you set up an Eventbrite WordPress site for people to book a place on an event, the ticket provider will keep the information your customers enter. This could be everything from names, addresses and email address. If you’re holding a paid event, this could also involve billing information, one of the most sensitive types of information anybody can share with your company. Instead of letting a company like this keep the information your customers provide, choose a provider who won’t keep a copy of the information. For example, Event Espresso is fully GDPR-compliant out of the box. It lets you easily export and then most importantly erase any personal data you collect from attendees.
Protect your information
Once you’ve safely collected your information, it’s important to make sure only you have access to it. Make sure you store any sensitive information securely. If it’s saved onto any physical device, make sure it is password protected and that it can’t be physically stolen from your building. Try to keep it under lock and key when not in use. Make sure any device you access the information has a high level of Internet security. Regularly check your virus software and firewall to make sure it’s up to date and protecting your device from any cyber criminals who may want to access your information. Failure to do this could result in a big fine for your company.
Only hold onto the information you have permission to hold
As well as obtaining the information from your customer, it’s also important to obtain their permission to hold onto that information. For example, you might want to hold onto their email address to be able to send them a regular newsletter or other marketing materials. If they’ve given this to you during a transaction so you can send them confirmation of a purchase, this doesn’t mean that you can use it for any other purpose. If you include a tick box at the bottom of the form, asking them to agree to allow you to contact them with further marketing materials and they tick yes, then you can keep that information.