Gdpr data protection, how are you handling it? | Page 2 | on ElectriciansForums


I just added a basic pop-up on the website; after all, it's only for an online presence, and on the contact form I have a little bit of info explaining what I do with the info. The lawyer talking at a network event I went to said that people would struggle to make claims for mishandling of data if they contact you for a quote or to do a job, as it's implied consent. If you of course flog their details, that is something different. If in the course of the work you say you are going to get the plumber to contact them, and they say great, then again it's verbal implied consent for the number to be passed to the plumber. A lot of companies are over-stressing this new law.
The Information Commissioner even came out and said people are going overboard. He compared it to the panic over the millennium bug.
 
I added a section to my website that details what data I store, how I use and who I share it with (namely my accountant). It states how long I store it for.

I also set up a mailing list server that my clients can subscribe to (which gives consent for me to mail them if I so wish).

I also added HTTPS support to my website to secure the contact form.

Total cost to the business was about £100 in my time and the certificate.

Unless you're using your website to conduct your business (beyond a simple contact form) I would suggest your hosts are taking the mick. As best as I can tell you need a single page that states what you store, how you use it, how long it's stored for (the basics). And unless you're processing personally identifiable data for doing more than just conducting your business (i.e. meeting the terms of your contracts) you don't need anything more.
 
Getting lots of emails from firms that I have used that keep pestering me with spam, asking me to opt in so I can continue to receive such spam; you could not make it up. I always ask not to be contacted about "new offers, products etc" but they just ignore it, so next time I get one, it's straight down to the cop shop with a crime report, lol
 
Basically you have to get consent for everything you want to use the data for, if you collect the data for a quote obviously you can, but you can only keep their details for a reasonable time needed for that purpose. So if your quote is relevant for 6 months you have to make sure you delete it after that.
From a consumer point of view it's great: no more having to opt in to spam if I want something unrelated, and companies can't sell my data for advertising unless they explain it clearly and give me a genuine choice either way.
I'm sure they aren't going after sparkies, more like Facebook and Google etc. Fines are something like 10% worldwide revenue or 20 million, whichever is greater, so they aren't aiming this squarely at small businesses. Just remember whose data it is and you won't go far wrong.
 
£500 is ridiculous. My web designer has quoted me £99 and I'm not getting it done even for that.
Make sure he/she understands GDPR properly. Also, it's not really optional if you're operating in the EU and storing or processing personally identifiable information. The UK will continue it even after Brexit, so no escape there.
 
OK, the basics of GDPR.
I'm not an advisor or qualified in any way re GDPR, but this is my understanding.

Any personal or private information you have on a person (customer).
This includes names, addresses, email and phone number.

1. Must only be kept by you if relevant, i.e. tax purposes or warranty details. Why would you need someone's date of birth for any work done?
2. It should be held securely with restricted access, i.e. does your family need access to the customer database?
3. Only be held by you with the person's consent, although some legislation may override that (HMRC for tax purposes, etc.)
4. If you use the details for marketing you must gain the owner's permission to do so first.
5. If you have a website which allows an opt-in for marketing or sign-up online, then you must have the option to opt out online.
6. If you were hacked and the details stolen or copied from your computer, or paper documents stolen or copied, then you should report to the Information Commissioner without delay.
7. Explain to customers why you are holding any information on them.

The Business Gateway in my area is providing some great advice for free. I would suggest, if you have any queries re GDPR, that you approach them in your area.

Hope this helps in a little way.
 
3. Only be held by you with the person's consent, although some legislation may override that (HMRC for tax purposes, etc.)

There are lots of different types of consent. If the details are held solely for completing contracts, that's implied consent and you don't have to specifically get it.

I looked time periods up and HMRC require records for 6 years.

The complication I see for us, is certificates etc. They last indefinitely. And theoretically someone could request a copy in say 7 years time.

4. If you use the details for marketing you must gain the owner's permission to do so first.

5. If you have a website which allows an opt-in for marketing or sign-up online, then you must have the option to opt out online.

These go hand in hand. I used a product called phpList to set up a mailing list server on my website. Created an initial list of subscribers by harvesting all their email addresses from the invoices and then sent them all a mail telling them what I was doing to comply with GDPR etc.

6. If you were hacked and the details stolen or copied from your computer, or paper documents stolen or copied, then you should report to the Information Commissioner without delay.

I believe you also have to notify the people affected by the hack yourself.
 
I thought certificates should be stored for a 3 year period, I might be wrong. If you're in a scheme, most operate on-line certification; the onus is on them to store the documents safely & correctly.
One less thing.
 
I thought certificates should be stored for a 3 year period, I might be wrong. If you're in a scheme, most operate on-line certification; the onus is on them to store the documents safely & correctly.
One less thing.


Absolutely not letting my scam be responsible for my certs

So you change schemes and need access to your older certs - what then?
 
Absolutely not letting my scam be responsible for my certs

So you change schemes and need access to your older certs - what then?

Fair point, but once you've completed your work and your warranty has expired, why would you need to have reference to them? The customer can obtain a replacement copy for a small fee.

This perhaps shows a change of thought about storage of such information.
 
FWIW if a customer has lost their cert, I simply email another copy... but to find it I need the client's address and invoice numbers, as I use the same numbers...
 
^^ you missed one

8. You keep a client database, don't do any marketing, your website doesn't allow clients to leave their details - continue as is.
Not quite, you also must decide and implement a retention period, e.g. 36 months after the last job. Also you have to let customers know that you will do that and allow them to request their details be deleted in full.
 
