I am absolutely loving the community spirit being displayed by my local SMEs. I’m lucky to be part of a chat group for local businesses, and the support between businesses and from our local BID is phenomenal. Everything from how to claim for government help, to guidelines for the notable exceptions for businesses that can stay open.
Many of our local providers have, or are moving to, online deliveries where they can, so that income is maintained and the business stays viable. I love this, and in these worrying times, it’s great to see those businesses applying the social distancing rules when delivering too, e.g. payment taken online/over the phone and deliveries being dropped without human contact.
Our key workers are doing a phenomenal job at keeping us supplied with food, medicines, transport (alcohol) and I cannot tell you how grateful to each and every one of them I am. 
You know there’s a ‘but’ coming, don’t you? 😊
What most businesses aren’t considering is the additional personal data they’re processing, and how that needs to be managed, either now or when things return to normal in a few months. 
Is the data secure? Who has access to it? Is access limited to only those that have an absolute need? What would be the consequences to the people affected if it got compromised? 
What happens if a delivery van leaves a list of customers in the van overnight, and the van is broken into? 
Do you know what to do if the data is breached? 
Where is the data held? Is it on paper records or is it on an insecure server overseas? Who has access and how is it secured? 
When your pub/cake shop/restaurant/other delivery service goes back to being a F2F business, what are you going to do with all that extra information you no longer have a justified business need for? 
How do you plan to delete the data you don’t have a statutory requirement to keep? 
When taking card payments over the phone, are you adhering to PCI DSS requirements? How are you holding that information and who has access to it? It’s not held in a spreadsheet for repeat ordering, is it?
The newsletter sign-up on the sparkly new website – how is it managed? Do you know how to manage the unsubscribes? 
Did you know that you can’t automatically add people that have ordered from you to mailing lists? (You have to give them the option to say ‘no’ first.) 
Have you updated your privacy notice to cover additional or amended processing? 
Have you even got an appropriate privacy notice on your website? i.e. a privacy notice that reflects what makes your business and the processing you do unique. 
If you are a local SME and would like advice, get in contact for a free 30-minute phone consultation. I’d rather help you now than see you struggle in 6 months’ time when things (hopefully) start to return to normal.
You can always contact me at info@gardencityassurance.co.uk. 
We are living in exceptional times. It is worrying, some are finding it terrifying. Most people are keeping their distance and respecting the lockdown. Some are not. We should all be at home if we can, but for the key workers that are simply unable to wfh – you are fantastic, thank you.  
We will do our bit to keep you safe. 
Tagged as: Privacy