From accounts for our webshop over subscriptions to the newsletter to posts on social channels …
Because we want to analyze the profile and behavior of our target groups with a view to optimal customer loyalty, we often store large amounts of personal data.
Since the introduction of the GDPR legislation, we know that we cannot collect this data without permission. That is why we have provided our websites and our apps with well-written Privacy Statements and Cookie Policies.
But even if we only store this data and do not use it immediately for direct marketing campaigns, the GDPR legislation still imposes some requirements.
Properly managed data storage starts with a number of technical requirements such as an access system to your server room with unique identification for authorized employees or the installation of a firewall (both hardware and software) or the use of a good virus scanner that is regularly updated ( just like all your software programs by the way) or let your website function via a secure https connection …
In addition, a good security policy is equally necessary: disseminate a general code of conduct for ICT use, devise a security policy that only gives access to personal data on a “need-to-know” basis, make procedures for the use of well-kept passwords. A good password policy can already make a very big difference in keeping your data secure.
Therefore, look critically at the use of passwords within your company. Are they complicated? Do you adjust them regularly?
So remember:
- Preferably create a unique strong password for each application. Do you use the same password for your Facebook account as for your webshop or online CRM?
- People who leave a company often retain the access codes of the systems. Block the account immediately upon someone’s departure. Change the passwords.
- Update your software regularly. Only then is it protected against the latest viruses. The advantage of online tools is that they are always up-to-date.
Related tips
Ask for freely given, informed and active consent
For consent to be informed and specific, the information is needed at least about the controller’s identity, what kind of data will be processed, how it will be used and the purpose of the processing operations as a safeguard against ‘function creep’.
Show your photographer who agreed to be pictured
More and more people are really annoyed about the unconfirmed publishing of pictures. It’s not good marketing practice any longer to just move forward and publish-as-you-please.
Have your staff use the auto-lock feature on their smartphone
Via the smartphone of your collaborators, anyone can get access to their e-mail correspondence. This access is often less protected than the PCs and desktops they are using.