The General Data Protection Regulation (GDPR) is the new privacy regulation that comes into force on 25th May 2018. I am sure you will have heard or seen it printed or mentioned a thousand times but what does it actually mean in practice?
GDPR is a regulation that will be enshrined in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data even when this is done outside the EU.
Even though the United Kingdom is leaving the European Union following Brexit it will still be applicable for all businesses UK.
At Ken Clarke Ltd T/A Ossett Tyre House we believe that the GDPR legislation is good for users and provides much better security across the web, in particular, this will be of benefit for those who are involved in online shopping or run e commerce businesses.
It is not true that GDPR legislation is really only aimed at regulating major corporate entities such as Facebook, Google and Twitter, who process vast amounts of personal data, this new regulation actually affects us all – even smaller businesses & companies that only process just a limited amount of data.
We believe that we should treat your data as if it were ours – because of our philosophy we are already well on the road to conforming to the spirit of the legislation to begin with.
Even if a company uses data legitimately there is still a lot of work to do around the GDPR to review existing privacy policies, to review and update users access to any data that may be held about them, essentially making it easier for us all to see what data is held, where it is held and why it is held.
Here at Ken Clarke Ltd T/A Ossett Tyre House we take our responsibility for your personal data with the utmost seriousness.
We never share your details with third parties without your permission and we never have, nor ever will sell your data to anyone.
The GDPR defines what your personal data is, and this is the key, the law now recognises that this is your information and as such you can have much greater say in who is able to keep
It covers your name, email, address, phone number, financial data such as your credit card details, age, behavioural information, usernames and much more.
We have responsibility firstly for the data that we collect from you, our direct client, and secondly for the data that you may collect and pass to us about your clients.
Any newsletter & email campaigns will always be opt-in and this will be the case going forward.
We rely on your consent to send marketing mailers and we will ensure there is always the option to unsubscribe in all marketing emails that we may send.
We will only collect the minimal data to process your order or enquiry; names, addresses, delivery phone number so that goods or engineers can get to you.
We collect your email address to let you have up-to-date information about order processing, we may pass this on to a third party couriers depending so that they can keep you informed you of whereabouts your delivery is in their network.
We don’t use any of the data for profiling and nor do not sell it to anyone.
Google & Web Analytics
We use website analytics on our website to collect very basic information such as the device our visitors use, browser versions etc so we can use this for future website development. We can also see how visitors “flow” through the website in an effort to understand how we can make the user journey as easy as possible as the site is developed.
Your right to disappear !
Under the GDPR you have the right to be forgotten, in effect this means that all of your data has to be deleted by the person holding it and they can never use it again.
There may be exceptions to this, for instance our legal obligation to keep business records such as invoices to comply with financial and tax legislation. We are developing our internal systems to make it simple for you to make this request and simple for us to process this. More information will be available on our GDPR web page by end of May. We will also be able to provide you with a copy of any data we hold on you.
We are only a relatively a small company so having just one person as the privacy officer is not really going to be practical.
We have assigned a team of people to consider and implement the GDPR and going forward it will be maintained by all staff with requests for information being looked after by Steve Pugh.
Well, there has been an awful lot to check through and for us to be mindful of, in truth though, much of the activity is now already in place. Should there be any amendments or future requirements we will list them on this page and inform you in the usual way.