5 Answers to Get Started with Data Protection in Your Company

data photograph of a woman looking at her tablet

5 Answers to Get Started with Data Protection in Your Company

„I get so many headaches even thinking about data protection“, „It is so important but I need more time and it is not a priority at all right now.“ Sounds familiar? Most business owners I talk to give me the same answers when it comes to data protection. It is easier than you think to follow the General Data Protection Regulation (GDPR).

For most modern businesses, data is their most important asset. In terms of commercial operations, data forms the basis for driving sales and marketing, enables you to keep in touch with customers and allows you to store information about your workforce. But as the famous saying goes: with great power comes great responsibility.

photo of a person typing onto a laptop, data protection article

My story

My name is Marie, I am a lawyer and entrepreneur based in Berlin. Started my own data protection consultancy during the pandemic next to my full time job. I mostly help female founders and small business owners with their privacy protection and could not love it more.

About 10 years ago I started getting interested in data. Back then, the online world was pretty small but kept growing already. Knowing the value behind all of that data we provide every day and every minute in our online lives, I could not stop thinking about privacy protection and the rights of every individual behind it.

How to get started with data protection in your company

I will give you 5 quick answers to the most asked questions from my clients:

#1 How to create a GDPR compliant website

Let’s face it, you need these three essentials if your business performs or you have customers within the European Union to have a legal website:

First, a legal notice so that your website visitors know who is responsible for the website. It includes the business owners name, address of the company or if there is no office address yet, the address of the business owner (no, you cannot skip this part!).

You need your VAT identification number according to § 27a Value Added Tax Act of Germany. Please do not put your regular tax number online. That is a highly confidential information and could be used by strangers to get information about your company from the tax office.

If you feel uncomfortable having that kind of private information online, you can book a service that is called “Adress-Schutz”. The companies providing this service basically get all your mail and forward it to you. If you run an online business without getting a ton of mail, this can be a good option for you.

What’s next? Right, your privacy policy. This is basically just a piece of information about how you process personal data, how long you store it and what kind of tools (like your video call software, messengers, social media, …) and plugins you are using to run your business smooth and proper. It is also an overview about data subject rights. Keep in mind that your business, best-case scenario, is growing. So you should look into your privacy policy every now and then to be sure it is up to date.

Don’t forget about your cookie consent banner. This is the third essential on our list. The banner pops up on your website when a user visits your site for the first time and gives the user a choice of consent before their data is processed. It comes mostly with your website modelling kit. Make sure to activate it.

Et voilà, your first steps to a legal website.

Collect, store and use data appropriately and with good reason.

#2 How to get started with privacy protection

Ok, you’ve got your website and your clients are rolling in. No matter what field you are working in, e.g. fashion business, coaching, medical, e-commerce, I am 100% sure you are collecting personal data. Collect, store and use data appropriately and with good reason.

The data in question must form part of a client contract or the client must otherwise have given their explicit authority for their data to be processed. What is personal data? – Anything that can be used to identify an individual person such as names, age, email addresses, IP numbers, phone numbers, health information, social security numbers etc.

A quick insight into why the EU is so freaking strict about personal data. First of all, it is a fundamental right. Secondly, if it is technologically possible to know everything about someone’s life, and I really mean everything (where you live, with whom you live together, how old you are, your sexuality, your religious view, your last online shopping purchase) but also your next shopping purchase and your next moves in life, isn’t it a bit too dangerous to leave this just to the big tech companies these days?
Back to your company and its privacy protection.

Write down all personal data you collect. Just take a piece of paper or open your favourite tool to write stuff down digitally and do it.

Now you categorise it into data subjects (client, employer, lead, supplier…) and the purpose. Purpose means for what you actually gather it. Do you work with a client and need their data? Do you collect it for your newsletter or your accounting?

Congrats, you now have officially an overview of your data processing.

Become a Member

Turn your passion into a purposeful job and overcome business challenges with the help of online courses in a supportive environment of like-minded female entrepreneurs.

#3 How to store personal data

data photo of two hands typing at a phone

Ever thought about how you as a private person save data? Some of us use external hard disk drives, most of us use clouds. Clouds are very convenient. You just upload your content and get access from everywhere anytime.

The language we use when we speak to ourselves can be empowering and motivating. Or it can stop us in our tracks. How we communicate with ourselves and our self-talk is crucial.

But just to make sure: as a business owner, you need to stick to the GDPR. The main issue here is that most clouds that are for free and give you a lot of data storage are based in the U.S. and so are their servers. This means by uploading the personal data of your clients, employers etc. you pass these on to a “third country”. The level of data protection outside of the E.U. is very different and based on European legal regulations, not the same at all. So make sure to use a cloud service based within the E.U. or Germany. In that case, you do not need any kind of Standard Contractual Clauses.

Standard what? It is basically a contract you need between a company outside of the E.U. and you if you pass personal data to them.

#4 Be aware of who gets access to the personal data by your organization

You must make sure robust procedures and processes, as well as adequate technical resources, are put in place to safeguard data from being compromised and be ready to respond to any data breaches. Do you need some ideas of how to do it? Install anti-virus software, activate your firewall, have at least one backup (I usually have two), have strong passwords, do not keep your laptop unsupervised, tape your camera if not in use.

#5 Destroy any personal data that is no longer needed

The last and totally underrated point is very simple. Delete personal data if you do not have any purpose to use it anymore. This means, you finished working with that client, patient or employee and simply have no more right to use their personal data. In Germany, there are some deadlines that have to be observed, like for the tax office, commercial register or labor law-related ones. So be aware that you need to save some information longer than others.
photo of data on a screen

Conclusion: GDPR Compliance is easier than you think

GDPR compliance is as important for small businesses as it is for large multi-national corporations. Consequently, many businesses have chosen to appoint a Data Protection Officer to address to the GDPR requirements or appoint a consultancy business to get their GDPR preparations started before delegating the role to an existing employee.

Especially when your business is still small you can also manage to do it by yourself. Data protection does not need to be hard work. It is exactly the opposite.

Start by looking into these 5 quick answers. Data protection means more security for your business and it helps you push your company to a new professional level. Your clients and partners will love it. So it is good for you and your company’s brand. Good data protection is a real game-changer and a competitive advantage for your business.

*The content of this article is not a legal advice and can under no circumstance substitute a legal advice in individual cases.

If you are inspired by Marie’s tips on how to respect your and others’ data, please visit the Your Life Your Data website, Instagram or her LinkedIn profiles. For data privacy consultances or cyber security schooling, contact her here. To find more empowering and motivational articles, check out our online magazine. Discover our Online Academy & Community Membership and try it for 7 days for free.

Related Articles

Marketing Automation for Your Business Growth with Sarah Seyr

This speech is about marketing automation and how to build an effective marketing strategy. The speaker highlights the importance of having a business case in place to justify the budget for buying traffic, as well as the need to continuously provide value to customers at each step of the sales funnel. The talk also emphasizes the need for human involvement in the marketing process, in order to effectively track and plan marketing activities.

This content is for Membership - Billed Annually, Membership - Billed Monthly, and Membership - Community Only members only.
Log In Register

6 Steps to Owning Your Niche

Think of a bag. When you own it, you feel secure knowing that it’s yours and that you can utilise it in a way that feels best for you. You have the confidence to know it’s not borrowed, stolen or rented. You must still be careful with it, but it’s not a worry.
It’s the same when it comes to your business niche. Ownership prevents us from fearing a saturated market.

5 Elements of Courageous Conscious Leadership by Violetta Pleshakova

In this talk the speaker discusses leadership and the qualities that make a successful leader, such as courage and mindfulness. Courageous conscious leadership is defined as a way of showing up that is driven by higher purpose and that cares holistically for everyone involved. Violetta emphasizes the importance of living with purpose and aligning one's values with one's behaviors. She advises entrepreneurs to prioritize their message and purpose rather than rushing to achieve success.

This content is for Membership - Billed Annually, Membership - Billed Monthly, and Membership - Community Only members only.
Log In Register

Why TikTok is a Great Marketing Tool for Your Business

What is TikTok? How does the TikTok algorithm work? What TikTok hashtag to use? What TikTok song to use? What is the TikTok Creator Fund? In this article, we will answer all of your questions. We will also tell you why setting up a TikTok account might be the right move for your business. We have some tips on how to start as a new TikTok influencer. Don’t worry, you will quickly find your feet!


Sign up for our newsletter and get 10% off.

Please Check Your Email

We are very excited for you to join!  To complete your subscription and receive your discount code, please, confirm your email. Don’t forget to check your spam, just in case.