26th April 2018
GDPR & Asset Finance: How Davenham Asset Finance will approach the new data protection regulations
From 25th May 2018 new data protection rules from the European Union will be enforced, affecting businesses across the UK and how they handle the information they hold about customers, clients, and employees. The rules are designed to protect the information of EU citizens, and consumers will have more control over how their data is used.
At Davenham Asset Finance we’ve already begun making changes to how we operate to ensure our full compliance with GDPR legislation and to make sure we continue to deliver the best service possible to our brokers, clients and employees. Below, we’ve put together some general information on how you can also manage your data protection processes in line with GDPR. We’ve also provided some information on documentation from the ICO to refer to.
What does consumer data look like?
Personal data includes names, addresses, demographic information, even information about a person’s browsing behaviour online. Businesses acquire this data from individuals through many different sources, from signing up to loyalty cards and registering for a newsletter online, to completing a competition entry or donating money to charity. People give away their data, usually without a second thought to how it may be of use to the company holding onto that information. Most often, consent is assumed when a form is filled in or a CV submitted and filed, with people needing to actively opt-out of receiving communications or marketing activity.
Opting in is the new opting out
However, with GDPR, this is about to change. Opting out (or unsubscribing) alone is no longer a satisfactory solution, with the onus placed onto individuals to opt in to receive communications, and for businesses to change their practice to become more informative and transparent about how they store information and the reasons behind it in future.
Gone are the days of boxes that have been ‘conveniently’ ticked on your behalf when you register your details online. Businesses are urged to be open and clear about how they intend to use data: from what communications they intend to send to what details will be retained and for how long, businesses must be explicitly honest with the public.
Consumers must actively opt-in to give consent to receiving communications. Opt-in messages should include:
- A link to examples of company communications
- A tick-box for each channel of communication including direct mail, email, SMS, phone
- A confidentiality promise, to reassure customers that their data will not be shared with third parties and will be kept safe and secure, including cyber security measures.
- A clear option to opt-out
- A full disclosure on the data held with a link to the organisation’s privacy statement
As a business owner what do you need to do?
As a business owner it will be your responsibility to ensure any client or customer data you have is handled sensitively and appropriately, to ensure you are fully compliant with GDPR recommendations. Here are some aspects of data protection you might want to consider:
Privacy notices: Businesses must notify new and existing clients that their personal data will be collected during their interactions. A privacy notice is a detailed document explaining what type of data is held, how it will be stored, how long it will be held for, what it will be used for, and how it will be disposed of, offering clarity and transparency to customers or clients.
Consent and the right to withdraw: Consent can no longer be assumed. Businesses must actively request the opt-in of their customers or clients to receive communications by mail, phone, SMS, or digital means, ensuring it is ‘specific, informed, and unambiguous’. This means that things like taking details from business cards and adding them to your database are not permitted.
Protect employee data: Each member of our team has an employee record. It is the responsibility of a business or organisation to take ownership of this data, and to be held accountable for any breach of data sharing. We will do all we can to keep this information safe and secure.
Breach notification: Companies must also do whatever they can to protect any client or employee data using encrypted, password protected, secure servers, accessed by a limited number of employees only. Businesses must comply with the process for notifying the regulatory body within 72 hours should a breach occur, and contact the subject of the breach to make them aware of the level of inherent risk.
Data Protection Officer: Some businesses that handle sensitive data relating to individuals, such as checks from the Criminal Records Bureau, may also need to designate a Data Protection Officer (DPO) to oversee the handling of data within an organisation, and provide training relating to the correct approaches to data protection.
Davenham Asset Finance will ensure all customer and employee data will be handled securely, lawfully and transparently, will be updated to ensure accuracy, and won’t be held for longer than necessary.
Avoid running the risk of penalties due to information breaches and ensure you are operating within GDPR guidelines before the end of May. Get started with our basic tips outlined here, and make sure you take the time to ensure your systems meet every requirement by finding out more about GDPR at www.ico.org.uk. You can also access the ICO guide designed to help SMEs achieve full compliance at https://ico.org.uk/for-organisations/business/. If you would like further information on what Davenham is doing to protect your data, please contact 0161 832 8484.