The GDPR policies businesses need to have in place
Any business that collects, stores and uses personal data must have certain policies in place to ensure it is GDPR compliant.
GDPR and data privacy expert Judith Andrews from Business Tamer says: “There are basic policies every business needs to ensure compliance and peace of mind. They should be in plain English, with no jargon, and not directly copied from another website – they should be relevant and bespoke to your business, your operations and services you provide.”
These policies are:
1. A privacy notice
This should state what data you’ll collect, why and how you’ll use it, who you’ll share it with, and include your contact details.
2. Cookie policy
This tells your website users what cookies (pieces of information that allow a site to remember information about users’ visits) run on your site, the data they track and why, and where it is sent.
3. Website terms of use
This document protects the intellectual property on your site, such as your images and text, and sets out what happens if someone copies and uses it without your permission or embeds your site somewhere that conflicts with your values.
4. Data protection policy
This is an operational guide that clearly sets out how your business manages personal information, including details on what you’re using it for, record keeping, and your retention policy.
5. Incident management plan
This details how your business would deal with a customer complaint; a Data Subject Access Request (DSAR), which is when an individual requests to see all information your business holds on them; and a data breach, whether serious or not.
For more information, and to see if your business is compliant, visit www.businesstamer.co.uk