You are going to hear a lot about GDPR – the General Data Protection Regulations that come into effect in May 2018. Before you turn away from another set of ‘compliance’ information there are some things you really need to know to protect your business.
Not only do you have to take this on board when marketing your own business and dealing with clients, delegates, events and your team but you also have to make this work when clients give you information about their delegates.
For the first time in May 2018 the ‘data processor’ may be fined for Data Protection breaches as well as the ‘data controller’. You are always the data controller for data you collect on your own clients, but trainers are often processing data (reading delegate information for starters) for clients.
You may be running a small business but you are not too small for unlimited fines for Data Protection breaches and the rules are changing. It seems a long way off but you need to start getting ready for this.
Data is cash in your house
Think of the way you currently handle your client data as if you were dealing with cash they left in your house. The data your customers share with you is money they leave in your house. It’s their money but they let you keep it for them.
Inside your house is a safe where you put the high-value items and the things you don’t want visitors to see. You don’t put everything there. It is a nuisance to get it in and out of the safe every time you need it. But if it is sensitive, confidential or money you keep it in the safe.
You don’t leave your doors and windows open with cash on the kitchen table. When you are on holiday or away from your house you take care that your safe is locked and the burglar alarms are on. You don’t just pack up everything in the house and take it on holiday with you in case it comes in handy.
You move cash and documents around inside your house and you assume it is OK with your customer if you move their stuff from one room to another. You assume that as long as it stays in your house that’s fine.
You take on a cleaner and you don’t leave everything lying around. If your secure place needs cleaning you make sure the cleaner is someone you can trust and you still don’t leave a large amount of cash on the table.
Growing your training business
Your growing business has more cash and more data than ever before. It is getting a bit much for you to do it all – even with the friendly cleaner and the occasional help from the kids’ student friends. You decide to send some of your work out so people can help you.
Would you put the cash in an envelope, stick a stamp on it and send it through the ordinary post so the people you pay can use that money to make more money for you?
If you’re still in business, I am guessing the answer is no. But when it comes to building our team of associates and support, we do the equivalent with our data.
GDPR – rebuild how you think about permission
GDPR is a whole new way of looking at what permissions you need when to do what. You are not going to be able to say – they came to my house so of course, I had permission to take all their cash. Implied permission (they must have wanted me to do that) and a lot of well-established marketing techniques are going to need an overhaul. Nor can you assume that because they visited the kitchen you have permission to take their cash to the bedroom.
If you are marketing your business, through social media, building a mailing list or a database, or even just adding contacts to your email address book, this is going to affect the way you work. The days of ‘the client sent it to me’ are gone.
From your data protection and privacy policies to your terms of business and associate contracts, you are going to have to review how you work to match it with the permissions you need and the platforms you use.
You can do something in good time for the May 2018 changes and start looking at it now, or you can hope for the best.
What’s your plan?