3 quick tips to ensure your business isn’t breaking data protection rules

Whether you’re just planning to start your own business or you have already launched, follow these great tips to make sure you’re ready for processing your clients’ or web visitors’ data.
Tip 1: UK-based business? Register with the ICO.
As a business owner, you will collect personal data of (potential) clients. This could include:
- IP addresses of visitors to your website.
- Email addresses and names of anyone subscribing to your newsletter or other ‘lead magnets’.
- Any personal information you might collect through a contact form on your website.
- Payment details (if applicable).
- Names and other personal information collected via your social media channels.
It’s essential to think about data protection BEFORE you collect any data. Even if you automatically collect data and never look at it (or delete it), this all counts as ‘processing data’ under the General Data Protection Regulation (GDPR).
If you’re based in the UK, visit the ICO website and check if you need to register with them. It’s only a fairly small fee per year.
A privacy policy page is essential for any business – it’s a legal requirement. You can find a good overview here.
A cookie banner and your cookie policy tell visitors to your website, for example:
- why your cookies are collecting visitors’ data,
- which cookies you use,
- what will happen to your data, and
- how long you will store the cookies for.
Not sure how to do this or which cookies your website uses?
A tool that is free to use until you have 100 web pages is cookiebot.com. Just follow their instructions and you’re good to go. You can also choose from a number of other services or use web plug-ins. See what works best for you.
Important: check whether your cookie banner and notice are compliant with recent EU legislation changes on cookie banners and cookie notices. You can test this e.g. via cookiebot.com or CookiePro.
You can find many good privacy policy and cookie policy templates online. (I personally use Koffeeklatch.co.uk.)
Tip 3: Encrypt your devices.
A password alone is not sufficient to protect your laptop or mobile phone from being hacked if you lose it or have it stolen. Ensure both devices are protected by additional encryption.
Your phone’s security settings will guide you through the process. If you have a Mac, you can switch on encryption easily. For a PC or laptop, you can follow these instructions for Microsoft.
These 3 tips will help you get on track, but they are by no means the only things you should do.
If you’d like to learn more about data protection and your responsibilities as a business owner under GDPR, I recommend Koffeeklatch’s GDPR course for Digital VIP’s. (I have no affiliation with Koffeeklatch by the way – I’m just a customer, too.)
Hope this was helpful. See you next time!
PS. I have a background in communications, publishing and research ethics management, so data protection and digital best practice is something I have a special interest in. I’ll also cover general business and social media marketing advice, including copywriting tips.