Over the past month or so, you may recall receiving emails from us asking you to confirm your communication preferences. These included an opt-in to receive the quarterly Affinity email bulletin, which is why you are able to read this…

In line with the new GDPR (General Data Protection Regulation), as well as providing you with the option to choose the communications you receive, we have also updated the Affinity terms & conditions alongside our data privacy policy, to reassure you that we will always store and manage your personal data appropriately.

Within Affinity you now have complete control over the member communications you receive from us and how these are sent to you, and you can update your preferences at any time by simply logging in to your account and updating your account settings.

From 25th May 2018 the GDPR rules and principles apply to any business, including businesses like yours, so here’s a quick summary of what GDPR means to you.

What is GDPR?

GDPR stands for General Data Protection Regulation and is a new European legislation, effective from May of this year. It makes companies more accountable for how they handle their customers’ Personal Data and gives consumers more control over how their data is used. It is the biggest change in data and privacy legislation in the last 20 years and impacts every business, large or small, that controls the data of UK and European citizens.

GDPR dictates the way companies control, process, store and manage Personal Data. Its scope is broad, it is legally binding, and compliance is mandatory. Ignorance is no defence, and penalties for non-compliance can be severe.

What type of personal data are you likely to be storing?

Put simply, this will be the data of any of your past or current customers, including anyone to whom you may have provided an estimate or a quote.

It is likely that you will be storing homeowner and/or landlord names, addresses, phone numbers and email addresses.

What do I need to do?

We’ve compiled the following tips to help you stay compliant:

  • The first thing you need to do is get in touch with anyone who has shared their personal data in the past and confirm they are still happy for you to contact them. You need their express permission to keep any of their information on file. A cost- and time-effective way of doing this is via email, because you are obligated to keep a record of their opt-in.
  • To be completely safe, you should also delete any old, unused information and understand that your customers can ask you to delete any details you might have about them at any time.
  • GDPR also applies to new customers. Whenever you start a new business relationship and collect information from someone – you need to ask them directly, in plain English, if you can maintain contact and clearly explain the methods you intend to use for these communications, for example by post, by email or even by phone, so they can choose what’s best for them.
  • Keep their information safe. The rules are very strict on safeguarding your customers’ data and you should immediately report incidents which might put the privacy of that information at risk. Something as simple as losing your smartphone, or anything else which contains personal data on your customers, puts your customers’ privacy at risk. In such an event contact the Information Commissioner’s Office (ICO) – ideally within 24 hours.
  • Ensure the personal data you hold is as safe as possible by using encryption and password or PIN protection on mobile devices.
  • Transparency is key: these new rules mean that your customers can ask you to share what information you collect on them at any time. Ensure you have that information to hand in a format that is easy to share with the customer. If you have a lot of customers, then a password-protected Excel spreadsheet can help you quickly locate and send individual details.
  • If you have a website for your business, you should review your data privacy statement and website terms and conditions to ensure that they are GDPR compliant. You may also need to review any enquiry forms on your site to ensure that they are compliant too.
  • Whether you have a website or not, you should review your terms and conditions of business too.

What are the consequences of not complying?

Unfortunately, the consequences of failing to comply can be quite severe, with companies found to be in breach of GDPR rules potentially being fined up to €20 million, or 4% of annual global turnover, whichever is the higher of the two.

Where can I get help and guidance?

This article should not be considered legal advice and is only intended to provide you with a brief overview of GDPR and what this means to you.

For further guidance and resources visit