The GDPR packs a big punch in terms of the fines it can impose on businesses that don’t comply: 4% of annual turnover or up to €20M. Here’s how to avoid GDPR fines with these 10 quick steps:
Control where your data is and how it’s stored, shared and accessed
1. Make Sure All Data is Organised
Store all data you have on employees, suppliers and customers in an organised way. That way, if you get any subject access requests (SARs), you know where to retrieve the requested data from quickly and can meet the 30-day timeline for getting back to people.
2. Make Sure All Personal Data is Securely Stored
Where is your customer, employee and supplier data stored? How safe is the data storage solution? Is any of this data being shared between your organisation and 3rd parties? How is that sharing done? Is the sharing secure?
Making sure all personal data is securely stored is a simple way to ensure GDPR compliance.
3. Have a Documented Policy on Data Processing
Create a document that clearly states how you process personal data. It should include:
- what information you are collecting
- why you are collecting it
- how long you are keeping the data for
- where it is being stored
- what you use it for
- who it will be shared with
- how you process it
Make this easily available to customers, employees and suppliers.
4. Delete Data That You Don’t Need
If you don’t need data that you have collected from employees, customers or suppliers, then delete it. Under GDPR, data controllers and processors are obliged to return or delete all personal data after the end of services, or on expiry of a contract or agreement, unless it’s necessary to retain the data by law.
So get rid of personal data that is no longer relevant, no longer in use for a specific purpose or relates to children under 16.
5. Have a Process in Place for Data Deletion
GDPR also introduces the “right to be forgotten”, also known as the “right to erasure”. Individuals can ask that their data is deleted if it’s no longer necessary to the purpose for which it was collected, or there is no ‘compelling’ reason for its continued processing.
They can also demand that their data is erased if they’ve withdrawn their consent for their data to be collected, or object to the way it is being processed.
The data controller is also responsible for telling other organisations to delete any links to copies of that data, as well as the copies themselves.
Individuals have a right to have personal data erased and to prevent processing in specific circumstances:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When the individual withdraws consent.
- When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
- Where the personal data was unlawfully processed (in breach of the GDPR).
- Where the personal data has to be erased in order to comply with a legal obligation.
So if just one of these conditions applies, your organisation must delete and remove data and recorded calls ‘without undue delay’, and specifically within a month, barring exceptional circumstances.
Time to set up a process!
6. Change All Marketing Opt In To Active Consent
You can no longer rely on pre-ticked boxes, nor add people to your mailing list without their active consent.
7. Implement Double Opt In For All Mailing Lists
Double opt in is easy to implement in today’s mailing software, and you should absolutely make sure it is done. It is a simple way to show that people consented to join your mailing list, and the software will also record when they clicked to agree.
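The kind of consent evidence a double opt-in flow produces, shown as an added Python example (not code from the original post or from any mailing product): the confirmation link carries an HMAC-signed, time-limited token bound to the subscriber’s email, and a click is only accepted once, recording both when the request was made and when it was confirmed. The key, TTL and timestamps are constructed demo values.

```python
import hmac
import hashlib
import secrets

# Constructed demo key; a real deployment loads it from a secrets store.
DEMO_KEY = b"constructed-demo-key-not-for-production"
TOKEN_TTL = 48 * 3600  # confirmation links expire after 48 hours


def _mac(key, email, issued_at, nonce):
    msg = f"{email}|{issued_at}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_confirmation_token(email, issued_at, key=DEMO_KEY):
    """Step 1 of double opt-in: token embedded in the confirmation link."""
    nonce = secrets.token_hex(8)
    return f"{issued_at}.{nonce}.{_mac(key, email, issued_at, nonce)}"


def verify_confirmation_token(email, token, now, key=DEMO_KEY, ttl=TOKEN_TTL):
    """Return the issue timestamp if the token is genuine and unexpired, else None."""
    try:
        issued_str, nonce, mac = token.split(".")
        issued_at = int(issued_str)
    except ValueError:
        return None  # malformed token
    if now < issued_at or now - issued_at > ttl:
        return None  # expired link (or clock skew)
    if not hmac.compare_digest(mac, _mac(key, email, issued_at, nonce)):
        return None  # forged, tampered, or issued for a different email
    return issued_at


class MailingList:
    """Holds only confirmed subscribers plus the evidence of each consent."""

    def __init__(self, key=DEMO_KEY):
        self.key = key
        self.consent_log = {}  # email -> record proving when consent was given

    def confirm(self, email, token, now):
        """Step 2: subscriber clicked the link; record consent or reject."""
        issued_at = verify_confirmation_token(email, token, now, self.key)
        if issued_at is None or email in self.consent_log:
            return False  # invalid token, or a replayed click
        self.consent_log[email] = {
            "requested_at": issued_at,
            "confirmed_at": now,
            "token_sha256": hashlib.sha256(token.encode()).hexdigest(),
        }
        return True
```

The consent_log entry is what you would hand over if asked to prove that a subscriber opted in, and it is also the record to delete when they exercise their right to erasure.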
10. Staff Training
Train all your employees about GDPR to make sure they are up to date. While your organisation might not need a Data Protection Officer by law, it could be a good idea to appoint someone in your organisation to be responsible for this area.
Are you going to implement these 10 quick things to avoid GDPR fines? Did you find this article useful? Tell us your thoughts in the comments below.
Join our conversation ‘all about data’ on Twitter and LinkedIn. And keep up with what’s going on in the world of data by trusting us with your email for monthly mailings (and we store it on Rinodrive so it’s super safe).