Category: GDPR

GDPR, Transparency & Brand Trust

With May 25th fast approaching, there has been plenty of scaremongering around strict deadlines, ever-tightening regulations, true consent and large-scale compliance strategies. While the new regulations can be overwhelming, it doesn’t have to be all bad. GDPR can have a positive impact on your consumers and clients in a way that keeps them loyal to your brand while scaling trust and encouraging repeat custom and retention rates.

A recent study in the UK by the Information Commissioner’s Office revealed that as few as 1 in 5 members of the British public purported to hold ‘trust and confidence’ in how businesses store and use their personal data. Accenture performed a similar survey finding that “87 percent of consumers believe it is important for companies to safeguard the privacy of their information.”

Now, more than ever, is the time to focus on what your customers want. Consumers hold a strong interest in who has access to their personal data and how it’s utilised. If you have an organisation that is considering a transparent and holistic approach to how you handle customer data, you could just see a significant boost in brand trust and loyalty for your efforts – and with loyalty comes scalability.

Consent Consent Consent

One of the quickest ways to increase customer satisfaction around your organisation’s data handling and processing is by clearly defining specific, unbundled and granular consent. Consent is a hot topic when it comes to GDPR. Until now, consent could be loosely implied and didn’t need to be regularly refreshed by subjects. From the end of May onwards, personal data handling guidelines within the GDPR will be treated as a regulation rather than a directive. Make sure your customers understand the parameters around the permissions your company is requesting, what the consent means for them, how long it will last and how it can be withdrawn if the subject chooses to withdraw it.

Using positive approaches to GDPR compliance can be a scary thing, but if you look at it as a brand new unique selling point you can master, customer satisfaction should increase significantly. Here’s a look at what is important to keep in mind when collecting customer consent and building trust in the process:

Transparency

Your customers’ personal data belongs to them. Any mishandling of what is deemed to be their property may lead to angry or anxious customers, never mind legal ramifications and fines. Be open, clear and real about your personal data management efforts. If your customers can’t understand how you handle their personal data, how can you expect them to remain loyal and develop trust in your brand? If consumers don’t understand the processes around consent put in place by your organisation, you may lose out. Transparency ensures any consent you request is easy to recognise, understand and agree to for your customers. Keep them in the loop by keeping your intentions out in the open.

Another great idea is to appoint your company Data Protection Officer, who can guide and advise your staff on how best to remain compliant and above-board. Introduce them with your new online compliance notice so your customers know they are in safe hands with a proactive and compliant business.

Education

In order to ensure your customers trust how you handle and use their personal data, you’ll need to become an expert yourself. Answering any questions your customers might have around data regulations and your organisation’s compliance with GDPR rules will reassure them that they’re with a brand they can trust. Don’t worry, becoming an expert on managing data with compliance in mind is not an overnight process, but rather an evolution that will occur naturally over time. Getting started on the road now ahead of GDPR implementation isn’t a bad idea for you or your business.

Easy to use tools like PlanetVerify might be ideal in keeping yourself up to speed and transparent when it comes to implementing brand new ways to manage your consumers’ data with respect and compliance.

Power

Knowledge is power and empowering your customers is a fast track to retaining their trust. By working with apps like PlanetVerify, your business will give consumers the opportunity to easily upload, verify, store and give consent for the usage or sharing of their personal data in specific, clear and controlled ways. Collect unlimited data sets in addition to actual documents.

Regardless of your business type, PlanetVerify offers something our competitors don’t – we focus on efficient, secure and compliant data collection, while our competitors typically focus on ‘verifying’ individuals. That also includes simple name and address collections of customers you might have in any business type, whether it’s a yoga studio or property advisory firm. Increase customer loyalty from the get-go and schedule a demo today.


7 Top Tips for Getting GDPR Ready

With GDPR on the home stretch and hurtling towards your business, you have a couple of months left to pull up your socks and straighten that tie. Companies need to prepare for full enforcement of GDPR regulations as of May 25th 2018. While the new General Data Protection Act can seem daunting at first glance, it isn’t too late to implement the changes you need to remain compliant.

We’ve prepared 7 quick and easy additional tips that will have you in tip top shape well before the GDPR rules change. Read this article on the basics of GDPR 2018 and what to expect before you continue on to these extra points. Give yourself and your customers peace of mind by taking heed of these interesting and important changes.

Tip 1: Don’t Be Afraid!

Don’t let scaremongering around the impending GDPR regulations bother you. Your industry may be bustling with talk about what you should and shouldn’t change, but this is a time to become more in control of the data you manage and store, and less unsure of where you lie if you’re hit with SARs (Subject Access Requests). Focus on the embedding of long term and systematic “privacy by design” processes and policies, to strengthen your organisational structure. It’s not as scary as it seems, and is actually quite a straightforward process if you tick all the right boxes. Read on to learn what the main ones are.

Tip 2: GDPR Applies to Everyone

If you’re wondering whether your company needs to change its data storage and protection practices in preparation for the new GDPR regulatory changes, the answer is YES. This new legislation is set to affect all industries regardless of the organizational functions of these businesses. If you’ve got personal data from partners, clients or employees, you’ve got to make some changes.

For the first time in history, the European Commission is exporting European data protection principles globally, meaning any company that works with information relating to EU citizens will have to comply with the requirements of the GDPR. This will be the first global data protection law, and just another reason for companies to start taking data privacy more seriously.

Tip 3: Keep External Compliance Notices Together

Deal with all of your external compliance obligations in one place for ease of access and use. We know your privacy notice should clearly state why you are collecting personal data, how it’s being stored, what it is and what you’re using it for etc. This information can be published online along with your copyright notice which explains what your position is on copyrighting. Having all of this information in one place makes it clear and concise for your customers and partners while maximising transparency and compliance. It means fewer inbound inquiries about your data storage and management processes for you too.

Tip 4: The Definition of Personal Data

In the past, many forms of personal data were not relevant when it came to the reach and relevance of GDPR. As a broad term, personal data is about to become even broader, with GDPR extending its reach significantly. The important thing to take note of here is that the new GDPR guidelines outline that any information that can be used to identify an individual is now considered to be personal data and must be treated as such according to the new regulations. For the first time, things such as genetic, mental, cultural, economic or social information will be deemed personal data, and treated as such.

So, if you’re unsure about certain types of data and whether they fall under the new GDPR’s umbrella of rules and regulations, your best bet is to assume they do. From here on, very few forms of personal data will not fall under these regulations.

Tip 5: Data Breach Notification Reqs

The GDPR draws on various European data breach notification laws and is aimed at making sure companies and organisations constantly monitor for breaches of personal data they collect and store. Organisations will be expected to alert their local data protection authority within 72 hours of any personal data breaches they are alerted to. This means you’ll need to consider the technologies and processes you need in place to enable appropriate and efficient detection and responses to a data breach if or when it occurs.

Tip 6: Purging Data at a Subject’s Request

The GDPR introduces a very strict and documentable set of regulations to ensure personal data is always available upon request. With the new GDPR regulations, subjects have the authority to request their information to be purged, or forgotten. If a client or partner requests for their personal data to be permanently deleted, you must do so swiftly. This is considered an SAR demand and must be met in order to remain GDPR compliant.

This new approach to the minimisation of data storage means that organisations will be required to expunge data as quickly as possible. That is, they can only retain information for as long as is absolutely necessary. What’s more, if organisations wish to change the way in which they use data they already possess, they must issue fresh requests for consent to subjects before implementing those changes in data usage.

Tip 7: Map Out the Path to May

Map out the next steps for your organisation to take on the road to becoming GDPR compliant in the nick of time by May 25th 2018. Create purposeful steps using short, medium and long term actions, deciding which employees will take them forward and see them through to completion. Create GDPR training schedules for all staff who deal with personal data, preparing them for on the job rules they must adhere to and ensuring the change is implemented as early as possible, resulting in a smooth transition.

GDPR is everyone’s responsibility and using action and engagement, your staff will be as comfortable with it as you will be.


Maintaining Confidentiality in HR

Each and every organisation requires certain employee or organisational information to be kept confidential. Human Resources is usually the holder of this information within an organisation, and they are entrusted with personal data and sometimes sensitive employee data. This information can pertain to aspects of the employee including any management issues the employee may have been involved in. This is why any HR professional should understand the extreme importance of ensuring confidentiality with employee data. (This can include personal data like identification numbers, reference checks, compensation numbers, health related information and anything to do with their private lives that they have chosen to share with the organization.)

There are many privacy laws that require employers to make sure that there are strict procedures in place to securely store employees’ information. If this is not in place, laws like the Health Insurance Portability and Accountability Act (HIPAA) come into play to safeguard employee data by requiring organizations to notify their employees if there is ever a breach of their personal data.

Human Resources must not only protect employees’ sensitive information but they must also protect the business information of the organisation. This type of information usually lies with senior management and can relate to information regarding strategic business planning, prospective redundancies, expansions and so on.

For Human Resources, in most cases they will need to document and store information regarding performance and any disciplinary action issues. This means that they need to maintain confidentiality while simultaneously, sometimes, divulging certain pieces of information to other involved parties for evaluation (an employee’s manager, for instance). It is important for a member of any HR team to understand the balance between preserving employee confidentiality and completing a thorough investigation when needs be.

Another specific document that Human Resource teams will need to store securely is the work visa. Residents from certain countries will need a visa to live and work in Ireland. It is also important to remember that these visas will need to be kept up to date. The Garda National Immigration Bureau will often investigate visas and work permits to ensure that all documentation for employees is up to date.

Most Human Resource teams will train new members on their team about the specific processes and procedures that their organization uses to collect and store sensitive employee and company information. Planet Verify, however, can make this much easier for organizations’ HR teams to securely and confidentially collect, store, and remain transparent about employee information – ensuring that all work visas are in date for organizations to track easily and efficiently.

Planet Verify can help create a succinct and straightforward approach to managing an organisation’s entire employee documentation by:

- PlanetVerify’s ultra-secure, fully encrypted hosted solution, which will go a long way in helping to secure and store your client data in accordance with the set GDPR.
- Organisations will be able to effectively track important document expiry dates and continuous maintenance of current client files through the use of PlanetVerify’s automated data request scheduling feature.
- PlanetVerify provides its clients with an audit-ready data trail of how they manage and obtain data subjects’ personal data. It also helps to show they acted in a transparent manner and according to the GDPR in their records maintenance.
