A new reality for data collection
Today, collecting data is fundamental to running a successful company. But if you don’t collect data in a secure and reassuring way, people will hesitate to share their data. Ultimately, this can mean that you risk losing a customer.
This blog is about how you as a company should act when you collect data about the people you deal with.
When do you collect data?
As a company, you collect data in different contexts and at different times to support your business goals. This includes:
- Marketing and advertising
- Sales activities
- Market research
- Creation and administration of customer accounts
- Product and service development
A large part of this data will thus contain sensitive personal information. Regardless of the purpose of the data collection, it is therefore essential to follow the principles of data protection, including obtaining consent, minimising data collection and implementing security measures to protect personal information. This ensures responsible and legal processing of data, which is essential for maintaining trust in your company.
Build trust when you collect data
Cyber attacks, data breaches and new privacy regulations have made people more reluctant to share their sensitive personal data online. This means that even well-established companies face a big challenge in making people feel safe when the company collects information about them. That is a problem, as a modern company typically collects large amounts of personal data every single day.
To make life easier for companies, we have prepared a list of what you should be focussing on in order to build trust when you collect data.
Do this when you collect data
1. Create transparency
The Internet offers so many products and services that users may have difficulty distinguishing between what is real and what is a scam. You should therefore focus on creating a reassuring experience when the user visits you:
- Obtain clear and express consent from the persons whose personal data you collect
- Clearly inform the affected persons about what data is collected
- Specify the purpose of the data collection, how the data is used and how long it is stored
- Inform if the purpose of processing personal data changes
- Use easy-to-understand language and avoid legal jargon
2. Minimise data
Minimising personal data when collecting data is essential to protect data. By only collecting necessary information, you reduce the risk of data being misused.
- Collect only the data necessary for the stated purpose and avoid collecting unnecessary information
- Only ask for consent for the purposes you have
3. Update privacy policy
Your privacy policy reflects that you know how personal data should be processed. Make sure that this is adequate and updated according to the latest and local data regulations where you operate. When people read the text, they should feel comfortable sharing their personal information with you.
- Develop and maintain data protection policies that comply with applicable laws and regulations
- Update the policies regularly to reflect changes in data processing practices or legislation
- Describe the security measures you use when processing personal data
- If you share personal data with third parties, make sure you have clear data processing agreements that define the division of responsibilities and security measures
- Make sure you have a plan outlined in the event of a data breach
4. Protect data
Data lives and is transmitted via systems and services. As a company, you should ensure that you use secure systems and solutions when it comes to data that contains sensitive information.
- Implement security measures to protect personal data from unauthorised access, leaks and misuse
- Keep security measures up to date
- Offer a secure method for people to send you personal data – read more about ShareSimple
5. Enforce data rights
All citizens have rights when it comes to how their personal data is processed. Make sure you are familiar with these rights so that you are ready to live up to your responsibilities as a data processor.
- Respect the rights of the individuals whose data you process, including the right to access, correct and delete their personal data
- Make it easy for people to request their data – Read more about RequestManager
6. Create awareness
In many cases, it is your employees who have to handle personal data. It is also your employees who are your ambassadors to the outside world. Therefore, ensure that they have no doubts about how to handle personal data responsibly when it lands in, for example, their inbox.
- Educate staff on data protection obligations and regularly update them on changes in policies and procedures
Start your GDPR cleanup where it is needed the most
Sensitive data tends to accumulate in employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.
A smarter way to collect data
At Safe Online we develop tools that make it easy to follow best practices, build trust with your customers and keep up with privacy regulations at the same time.
DataMapper – Find your sensitive data
ShareSimple – Send and receive data securely in Outlook
RequestManager – Process data subject requests easily
Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist