Dealing with data can be a nightmare for small businesses, and even government bodies can get it wrong, as the attached article clearly shows. Our small business clients regularly tell us that they consider data protection to be a difficult topic and, too often as a result, it gets overlooked or, worse, ignored.

Pretty much everyone in business these days handles data. And for most of us, that data comes with legal obligations attached to how we request, record, store, share and use it. And the law on data is unavoidable.

So do you know your legal obligations when dealing with the personal data of your customers, suppliers or employees?

Here’s a helpful summary of 6 steps to handling data efficiently and lawfully:

  • Collecting it: only collect personal information that you need for a specific clearly communicated purpose and get consent to collect it (if you’re up-front and transparent about your objectives, this has the added benefit of improving your business reputation by increasing confidence and trust in you); relevant examples of collecting data include: CCTV recordings, obtaining personal information over the phone or via email and using cookies on your website;

  • Using it: only use it for your stated purpose, unless you subsequently get express consent to expand your usage of it to other stated applications;

  • Storing it: keep it secure by encrypting data that you store, erasing or destroying data when it’s no longer needed, using strong passwords and shredding printouts that contain sensitive data. (These practices protect both you and your customers; if you leak personal information, even inadvertently, it can expose you to some pretty serious legal consequences);

  • Keep it current: ensure the data you collect and retain is relevant and up to date (sending communications using out-of-date records could annoy an uninterested or unconsenting customer and may get you into hot water, or it may fail to reach an interested customer, making it a wasted effort and cost);

  • Be proportionate and responsible: only hold as much personal information as you genuinely need for your business purposes, and hold it for only as long as you genuinely need it (most customers object to the idea that their personal data may be held on databases or in other formats where there is no benefit to them of it being there; complaints are frequent where they discover that this is happening without their knowledge and/or consent, and such complaints can be damaging to both your business relations and reputation, as well as exposing you legally to fines and other consequences in very serious instances);

  • Be transparent and permit access to information owners: allow the client, employee or supplier of the information to see it promptly on request. They are legally entitled to see it and you are legally obliged to allow them to do so.

Getting consent to collect data is generally pretty straightforward. You can make it clear to your customers when they browse your website that you’re collecting information on them. You can and should include alerts and explanations within your written or online promotional materials, clearly indicating that you collect data and that by continuing with an activity, the customer (data provider) is deemed to consent to your collection of that data.

To make your information collection activity legally robust, you’ll need to define clearly exactly what data you collect and you’ll need to explain why. A good example of this is what happens with cookies and privacy policy wording on websites, where up-front and clear statements flag up to website browsers/users that their data is being collected for specified lawful reasons. Users then have the choice either to prevent this data collection taking place by disabling the cookie functionality, or to carry on and allow the data collection to continue so as to reap its benefits (often helpful functionality such as enabling your basket contents to be remembered if you suddenly shut down the site or lose an internet connection, or making personal recommendations to you based on your previous browsing history within this site).

If you have any data protection issues and need fast and efficient advice, get in touch with us by clicking here.

You're on our blog and updates site, which is hosted by elXtr. elXtr is a leading digital hub powered by the award-winning lawyers at LHS Solicitors LLP, bringing you real law, made easy.