The first tip: every time you decide to collect and process users’ data, you need to identify a reasonable purpose for it. For example, if you provide an online retail service, you need to collect your customers’ delivery addresses and building entry codes in order to deliver the goods. You can keep this data until the order has been delivered to the customer; afterwards it should be deleted, because the purpose for which the data was collected has been achieved.
As the main goal of the GDPR is to prevent companies from misusing personal data without a defined purpose for an unlimited period of time, make sure to follow this simple principle to protect your company from fines and your customers from privacy breaches.
Create and keep a neat register of user data, held in different storages depending on the nature of the data. This will allow you to monitor data processing and respond rapidly to customer requests to delete their data, granting them their “right to be forgotten”. Don’t forget that under the GDPR people can ask you to “forget them”, or simply delete their data, at any time if it is no longer relevant or the purpose for which it was collected has been attained. Keep this in mind!
Always ask for the customer’s consent on every change related to their data privacy. As the time of passive consent under past opt-out models has passed, the GDPR requires you to obtain active, affirmative consent for each data processing activity. For example, we advise you to send an email to your customers asking for their consent to receive newsletters from your firm. This will allow you to stay in touch only with those customers who are interested in your firm and would like to receive updates on your activity.
Don’t forget to keep an updated record of how and when customers gave consent, and give them a chance to withdraw their consent at any time.
To sum it up, always be transparent about the way you process customers’ personal data and use it only for a specific purpose.