5 Answers to Get Started with Data Protection in Your Company
„I get so many headaches even thinking about data protection“, „It is so important but I need more time and it is not a priority at all right now.“ Sounds familiar? Most business owners I talk to give me the same answers when it comes to data protection. It is easier than you think to follow the General Data Protection Regulation (GDPR).
For most modern businesses, data is their most important asset. In terms of commercial operations, data forms the basis for driving sales and marketing, enables you to keep in touch with customers and allows you to store information about your workforce. But as the famous saying goes: with great power comes great responsibility.
My name is Marie, I am a lawyer and entrepreneur based in Berlin. Started my own data protection consultancy during the pandemic next to my full time job. I mostly help female founders and small business owners with their privacy protection and could not love it more.
About 10 years ago I started getting interested in data. Back then, the online world was pretty small but kept growing already. Knowing the value behind all of that data we provide every day and every minute in our online lives, I could not stop thinking about privacy protection and the rights of every individual behind it.
How to get started with data protection in your company
I will give you 5 quick answers to the most asked questions from my clients:
#1 How to create a GDPR compliant website
Let’s face it, you need these three essentials if your business performs or you have customers within the European Union to have a legal website:
First, a legal notice so that your website visitors know who is responsible for the website. It includes the business owners name, address of the company or if there is no office address yet, the address of the business owner (no, you cannot skip this part!).
You need your VAT identification number according to § 27a Value Added Tax Act of Germany. Please do not put your regular tax number online. That is a highly confidential information and could be used by strangers to get information about your company from the tax office.
If you feel uncomfortable having that kind of private information online, you can book a service that is called “Adress-Schutz”. The companies providing this service basically get all your mail and forward it to you. If you run an online business without getting a ton of mail, this can be a good option for you.
Don’t forget about your cookie consent banner. This is the third essential on our list. The banner pops up on your website when a user visits your site for the first time and gives the user a choice of consent before their data is processed. It comes mostly with your website modelling kit. Make sure to activate it.
Et voilà, your first steps to a legal website.
#2 How to get started with privacy protection
Ok, you’ve got your website and your clients are rolling in. No matter what field you are working in, e.g. fashion business, coaching, medical, e-commerce, I am 100% sure you are collecting personal data. Collect, store and use data appropriately and with good reason.
The data in question must form part of a client contract or the client must otherwise have given their explicit authority for their data to be processed. What is personal data? – Anything that can be used to identify an individual person such as names, age, email addresses, IP numbers, phone numbers, health information, social security numbers etc.
A quick insight into why the EU is so freaking strict about personal data. First of all, it is a fundamental right. Secondly, if it is technologically possible to know everything about someone’s life, and I really mean everything (where you live, with whom you live together, how old you are, your sexuality, your religious view, your last online shopping purchase) but also your next shopping purchase and your next moves in life, isn’t it a bit too dangerous to leave this just to the big tech companies these days?
Back to your company and its privacy protection.
Write down all personal data you collect. Just take a piece of paper or open your favourite tool to write stuff down digitally and do it.
Now you categorise it into data subjects (client, employer, lead, supplier…) and the purpose. Purpose means for what you actually gather it. Do you work with a client and need their data? Do you collect it for your newsletter or your accounting?
Congrats, you now have officially an overview of your data processing.
Become a Member
#3 How to store personal data
Ever thought about how you as a private person save data? Some of us use external hard disk drives, most of us use clouds. Clouds are very convenient. You just upload your content and get access from everywhere anytime.
The language we use when we speak to ourselves can be empowering and motivating. Or it can stop us in our tracks. How we communicate with ourselves and our self-talk is crucial.
But just to make sure: as a business owner, you need to stick to the GDPR. The main issue here is that most clouds that are for free and give you a lot of data storage are based in the U.S. and so are their servers. This means by uploading the personal data of your clients, employers etc. you pass these on to a “third country”. The level of data protection outside of the E.U. is very different and based on European legal regulations, not the same at all. So make sure to use a cloud service based within the E.U. or Germany. In that case, you do not need any kind of Standard Contractual Clauses.
Standard what? It is basically a contract you need between a company outside of the E.U. and you if you pass personal data to them.
#4 Be aware of who gets access to the personal data by your organization
#5 Destroy any personal data that is no longer needed
Conclusion: GDPR Compliance is easier than you think
GDPR compliance is as important for small businesses as it is for large multi-national corporations. Consequently, many businesses have chosen to appoint a Data Protection Officer to address to the GDPR requirements or appoint a consultancy business to get their GDPR preparations started before delegating the role to an existing employee.
Especially when your business is still small you can also manage to do it by yourself. Data protection does not need to be hard work. It is exactly the opposite.
Start by looking into these 5 quick answers. Data protection means more security for your business and it helps you push your company to a new professional level. Your clients and partners will love it. So it is good for you and your company’s brand. Good data protection is a real game-changer and a competitive advantage for your business.
*The content of this article is not a legal advice and can under no circumstance substitute a legal advice in individual cases.
She loves that we can control what kind of data and information we give away and therefore stop the big tech companies making money out of it and ourselves. Besides that, she runs and eats a lot - lots of pain au chocolat! And she doesn't know how to get all that energy from if not from meditation.
If you are inspired by Marie’s tips on how to respect your and others’ data, please visit the Your Life Your Data website, Instagram or her LinkedIn profiles. For data privacy consultances or cyber security schooling, contact her here. To find more empowering and motivational articles, check out our online magazine. Discover our Online Academy & Community Membership and try it for 7 days for free.