The GDPR guide for UK businesses

By News

The EU General Data Protection Regulation is already enshrined in law and becomes a final requirement from 25 May 2018. The regulation applies to all organisations that deal with EU citizens whether or not those organisations are based within the EU or their web hosting is within the EU. It runs to 204 pages.

If you have 250 or more employees, this briefing note does not cover some further essentials that you must implement with regard to your internal task allocations and responsibilities. You will doubtless have the resources to follow through yourselves. It is unlikely that either large or smaller businesses will need the use of ‘consultants’.

For smaller business operations the two principles of the regulation are very simple.

You should only collect data on individuals that is essential for the processing of an order or, if not essential, is justified and explained as to its use.

You cannot treat an individual’s failure to query your use of a data element, or their acceptance of a pre-ticked box, as implicit acceptance. There is no such thing as ‘implicit’ acceptance of the use of personal data.

For example, if you ask for a phone number you should explain that you may wish to call the customer if there’s a delivery issue. It may also act as an anti-fraud device so that you can call to check the delivery address. This is often specifically in the customer’s interest but you must explain it.

So you look at what data you collect and explain why you want any data that is not obviously essential to handling the order. That’s all there is to it.

Many members use the SafeBuy Privacy and Cookie Policy. It’s free to all members and here’s the link to the latest version, taking into account the regulation:

Kind regards,

The SafeBuy Team
