If you store and maintain a database which includes sensitive data – such as customer names and IP addresses – you need processes in place to safeguard this data and make sure it complies with data protection rules.
How are you obtaining data?
The information must be obtained lawfully and transparently, explaining what you are doing with it in clear, plain language. When you get personal data you must:
- Get the individual’s consent. This must be an active, affirmative action, such as having to tick a ‘yes’ box – and not passive acceptance, for example through pre-ticked boxes or opt-outs.
- Record how and when an individual gave consent. This consent can be withdrawn at any time and your process needs to accommodate this.
How easily can people access their stored data?
People have the right to know why an organisation is holding personal data on them, how long it’s being stored for, who gets to see it and the right to access it. You need to be able to provide people with the ability to securely review what information is stored about them.
Data must be stored in commonly used formats (e.g. CSV files). This makes it easily accessible for people and you can move a person’s data to another organisation (free of charge) if the person requests it. One option is to streamline this process using a general export function within your software – we can help with this.
How easily can you remove a person’s details?
You must obtain personal data for a specific purpose. Once that purpose has been fulfilled and the data is no longer required, it should be deleted. A person can also request that you delete all data relating to them. They can do this verbally or in writing and you have a month to respond to this request.
If you need to delete the details of a person who has placed an order, then all information about them must be removed to make them anonymous, but enough information can be kept for reporting purposes.
To comply with these requirements, you need to be aware of all the data that you have in your organisation. There are obvious sources such as databases, email boxes and files. But what about the other, hidden sources that could be storing data?
Content management systems: Many of you will have at least one contact form on your website – perhaps for visitors to subscribe to a newsletter, make a sales enquiry or apply for a job. When these forms are completed, the data is collected and saved in the backend of your website. This data must be regularly reviewed and not kept longer than required.
Speak to your IT department or web support provider to help you put a plan in place to ensure that you remove this data regularly.
Cookies: Website cookies track a visitor’s IP address and behaviour as they navigate a website. This information is then sent to Google to analyse. It’s important not to send Google any data that can identify an individual. One option is to enable IP Anonymisation, a tool that hides any identifying information. By default, Google Analytics also retains data, including IP addresses, forever. It’s a good idea to change the retention period to only what is necessary.
Telephone: It’s not uncommon for your phone to store inbound and outbound numbers for a certain period of time. Make sure you include your phone system in your data retention policy. Even a number without a name is considered personal information.
Backup copies: Having backups is sensible. But when considering retention policies, paper and online copies need to be tracked. They will also need to be deleted or destroyed once they are no longer needed.
If you don’t have the appropriate processes in place to meet data compliance rules, or want to update your existing processes to be more efficient, we can help. Get in touch and we will work with you to find a solution to meet your specific requirements.