Most of us have heard of it. What does it all mean and what are IAP doing about it? In short, GDPR (General Data Protection Regulation) is new privacy legislation introduced by the EU to give individuals full right of access to data companies store on them. The UK will adopt GDPR as of Friday 25th May 2018.
IAP are already committed to responsible handling of our customer data and like many others we are using the GDPR “deadline” as an opportunity to review our data handling processes. Here are four actions we’re taking as part of this review.
1. Audit of all existing customer data, storage methods and sources
We’ve grown substantially as a business in recent years. Our customer base has grown with us and so, therefore, has the volume of data we’re required to handle to allow us to provide the services and solutions we offer. We have now completed an internal audit of all customer data and sources, creating an inventory which allows us to see a complete list at a glance, with details of who within our organisation has ownership and where it can be accessed.
2. Revision of our company policy for handling customer data
All of our staff have been briefed on the changes made to how we handle data. The inventory of our customer data sources has been made available for all colleagues and support is available to ensure compliance with our internal processes around data. We will also continue to develop best practice around data handling as part of ongoing staff training.
3. Removal of lapsed or other unneeded data
Much of the GDPR is focused on how companies use prospect data for new business development. IAP do not use mailing lists or external companies to provide leads – all of our business growth is by personal recommendation. We have instigated a policy to delete all customer data where we have had no contact within 13 months, unless the customer specifically opts in for us to retain their data for purposes of future business.
4. Review of existing customer data to ensure we have correct and only the appropriate contact details for correspondence
It will continue to be necessary for us to keep contact details for our customers in contract with us. Occasionally we will contact our customers via email or phone with news and updates related to the products and services they have with us. We will endeavour to make immediate updates to the contact details we retain, should the customer require us to. Notifications of changes should be made to the our normal helpdesk (firstname.lastname@example.org) and the relevant person will then update our records.