Despite the recent tsunami of GDPR emails, many businesses are still not entirely sure what is expected of them following the recent legislation change. Jollyjesters’ Kate Moore shares her findings on what party retailers need to know.
“Even though the GDPR revolution has been in the pipeline for ages, most of us have only heard about it in the last few weeks, mainly due to the flurry of emails from companies who send out mailing-lists etc.
Many small businesses – Jollyjesters included – didn’t realise that we also would have to declare our compliance, and pay huge fines if we get it wrong. So, after a frantic day of Googling I found plenty of advice, but a lot of it is conflicting, and much of it seems irrelevant to my own business. We don’t have a mailing list, we don’t send out mailshots, we don’t share our customers’ details with anyone else, our credit-card system is already PCI DSS compliant, our home and shop premises have burglar alarms. We don’t ask customers for their email addresses, and we only learn those if they write to us to ask about a costume or to send us a photo. We reply, but our email account is password-protected and we have a virus-checker.
There are hundreds of pages online which give guidance, all explaining why GDPR is a good thing – and yes, we totally agree it’s a good thing. I had no idea I was signed up to so many mailing lists… although I’m expecting to be disorientated tomorrow cos I only know it’s time to get up when the Vistaprint email arrives – but they don’t all make it clear exactly what’s expected of a shopkeeper.
I found https://www.3bweb.com/blog/gdpr-compliance is one of the easiest to follow. It’s a 28-step guide. This one – https://ico.org.uk/for-organisations/business/ – also seems thorough, with a questionnaire to assess whether we need to pay a fee or not, but some of the questions about the use of CCTV and social networking sites are a bit ambiguous.
When we hire a costume we do of course take the customer’s name, address and phone number. But we write that info in our day-book, which is kept behind/under the counter and put in the safe at night. We don’t type it into a computer – we’re a bit like Air Traffic Control, we don’t trust computers not to break down!
The FSB makes it sound very simple, with just five main questions – https://www.fsb.org.uk/first-voice/a-small-business-checklist-for-gdpr – but… maybe too simple? I still don’t really know. But one thing I *do* know is that no matter how many hoops they make us jump through to protect the privacy of our customers, the customers aren’t always doing their bit to protect their own privacy.
How many times have we seen openly public Facebook posts along the lines of: “We’re sitting here at Heathrow, jetting off to Florida for Jack’s 40th birthday on Sunday! Our dog Ben is having a holiday too, he’s staying at mum’s. Can’t remember if I might have left the bathroom window wide open, so let’s hope it doesn’t rain. Back in two weeks!”