Many of our customers are companies, and if you are one of these you are probably aware of the approaching deadline for GDPR. There is a lot of confusion surrounding GDPR, so we’ve highlighted the basics in this blog and briefly explained how it affects us as a company and might affect yours too. If you’re an individual who is an ‘end user’ customer of ours, this blog also explains how we treat your personal data, and how this complies with the new GDPR regulations.
What is it?
GDPR stands for the General Data Protection Regulations, a piece of EU legislation that will be coming into practice very soon. It will replace the UK’s Data Protection Act 1998 and is aimed at businesses with regard to their use of the personal data of individuals.
Companies who are not compliant with these new terms of GDPR will be subject to penalties given out by the ICO.
The deadline to be compliant with these new regulations is 25th May 2018. This is when the regulations will start to be enforced and penalties will begin to be handed out to non-compliant companies.
Why is it happening?
The regulation looks at modernising our existing data protection laws. The way that businesses use and handle data has changed a lot over the years, so the legislation needs to reflect these changes.
One of the main aims of GDPR is to rectify the numerous methods companies have created to use, and sometimes abuse, an individual’s personal data.
What is involved in becoming GDPR compliant?
The GDPR regulations are quite complex so it may be worth talking to a professional in this industry. However, some of the main actions you need to take in order to be compliant are:
- Produce a data map of where your data is collected, stored and used.
- Make sure all personal data you hold is as secure as possible.
- Ensure you have adequate consent for the use of an individual’s data.
How does Hy-Pro use ‘personal data’ of customers who are individuals?
Here at Hy-Pro, we send order confirmations, statements and enquiry replies via email to our customers. We also use this data to keep you informed using newsletters. If you are currently on our news mailing list, you are able to unsubscribe at any time to stop us using your data to send you newsletters. Our news mailing list is stored and processed by MailChimp, and we store your information in our accounts system on an internal server protected by the latest technology. We don’t share your data with third parties or use it for anything else.
For Inland Revenue purposes, all of our customer data has to be stored for 7 years from your last transaction in our accounts system. After this period, we intend to render personal data “beyond use”, i.e. remove email addresses, phone numbers and postal addresses.
The data we hold is limited to names, contact details and accounting records for the legitimate purposes of conducting our business and complying with the law.
If you have any questions or concerns over how we treat your data, you’re welcome to get in touch with us.