GDPR - Customer contact details and software.
Posted: Sat 20 Apr, 2024 6:32 pm
My brain is going fuzzy.... I am in paperwork mode. Bleugh.
Is anyone up for sharing - very, very basically - how you manage GDPR on this lovely sunny weekend?
I complete GDPR training every year in my 'day job' so I am well aware of the general principals, how personal data is affected, my responsibilities, penalties etc. in terms of being an employee. But I have been too lax with the business and need to get my house in order.
Until this week, I have generally just scribbled a customer's phone number/email down and then disposed of this once the job is collected. I have just upgraded to a FramR subscription and can now enter customer details onto my quotes, orders and invoices. These are then saved so I can search by customer if I need, and will help with running sales reports etc. This is fab. But...
Can someone explain - very basically - how I comply with GDPR if I do this? Specifically - will a privacy notice cover me as long as I inform customers that I am storing their data for xxxx amount of time, with the option to refuse? Can I keep printed invoices with customer name for as long as I need to keep tax records?
Going down a hypothetical rabbit hole, what would happen if a customer doesn't want me to keep their details on file (fine, I can just list it as a cash sale), but my printed paperwork has their name? Would I just redact this? And going further, where do I stand with customer enquiries via email, text and Messenger? Do I need to consider that somehow?
It has been drummed into me - painfully - how bad it can be for employees to fall foul of GDPR. So I am probably overthinking now I have to be a bit more responsible.
Is anyone up for sharing - very, very basically - how you manage GDPR on this lovely sunny weekend?
I complete GDPR training every year in my 'day job' so I am well aware of the general principals, how personal data is affected, my responsibilities, penalties etc. in terms of being an employee. But I have been too lax with the business and need to get my house in order.
Until this week, I have generally just scribbled a customer's phone number/email down and then disposed of this once the job is collected. I have just upgraded to a FramR subscription and can now enter customer details onto my quotes, orders and invoices. These are then saved so I can search by customer if I need, and will help with running sales reports etc. This is fab. But...
Can someone explain - very basically - how I comply with GDPR if I do this? Specifically - will a privacy notice cover me as long as I inform customers that I am storing their data for xxxx amount of time, with the option to refuse? Can I keep printed invoices with customer name for as long as I need to keep tax records?
Going down a hypothetical rabbit hole, what would happen if a customer doesn't want me to keep their details on file (fine, I can just list it as a cash sale), but my printed paperwork has their name? Would I just redact this? And going further, where do I stand with customer enquiries via email, text and Messenger? Do I need to consider that somehow?
It has been drummed into me - painfully - how bad it can be for employees to fall foul of GDPR. So I am probably overthinking now I have to be a bit more responsible.