The 5 ways your business is breaching GDPR and how to fix it

by Rob Mark, June 20, 2018

As World Cup fever takes over (c’mon England!!) you’d be forgiven for ignoring the fact that GDPR came into effect a few weeks ago.

Whether your electrical, plumbing or building business uses paper files, multiple random Excel files, or a job management system to track customer, supplier or staff details, it's time to get your head around GDPR and what it means for your business.

With that in mind we’ve come up with a list of some examples of the ways you might be breaching GDPR guidelines and some recommendations on what you can do right now to get out in front of this.

Firstly, let's cover off some GDPR basics…

  1. GDPR stands for the European General Data Protection Regulation, and it’s essentially built around two key principles:
    1. Giving EU citizens and residents more control of their personal data
    2. Unifying data protection requirements across the EU to make it easier for businesses to know and comply with them.
  2. GDPR impacts any business that handles the personal data of EU citizens, including those with fewer than 250 employees (yes that includes your growing electrical, plumbing, or building business).
  3. Individuals (i.e. your customers and your staff) now have more rights over how businesses use their data. You need to know these rights and put steps in place to support them.
  4. Failure to comply could result in some harsh penalties, i.e. 4% of your annual turnover. Think what a fine that size would do to your growing business.

The Information Commissioner’s Office (ICO) has produced some advice on how to comply with GDPR and how to help get your business on the right track. Check it out here.

However, a better place to start might be with this practical guide on the 12 things you can do now to prepare for GDPR, also produced by the ICO. Check it out here.

The key element of the legislation is the improved rights of the individual or citizen with regards to who has what data, why, and what they can do with it.

Given the heightened awareness about GDPR, you can expect lots of queries from customers, staff and suppliers about how you comply with GDPR, including how you are protecting their data. Eventually you’ll start to lose customers (and hours in the day) if you can't do this quickly and easily.

So it's important that you understand and act on the requirements. This handy guide spells out in simple terms the eight rights for individuals you need to keep in mind at all times.

So now you know the basics, let's look at 5 examples of how you may struggle to comply with the legislation.

  1. If a staff member asked to view their payroll data and check its accuracy and how securely you hold it, what would you do? Where do you store it? In an unlocked filing cabinet, in an unprotected Excel file, or in a world class payroll system like Xero?
  2. If your largest customer requested proof that you were taking appropriate steps to safeguard important customer and job data, what would you do? Could you highlight the capabilities of your job management software, such as Tradify, or would you be at risk of losing this customer’s business?
  3. If a customer asked to see all the information you have on them and the jobs you have done for them, how long would it take you to find this information? Would this be a simple matter of using the search function in your job management system, such as Tradify, or would you have to spend a day going through boxes of files? How could you prove that this information was being stored securely?
  4. If you send regular email updates out to prospects, could you prove the consent details if the prospect asked you to? Do you use specialist job management or CRM tools like Tradify, Insightly or Pipedrive, or is a bunch of old Excel files your go-to?
  5. How are you capturing and storing new customer data (names, addresses, security codes for alarms, spare key locations, and other sensitive personal information)? Are you clearly requesting their consent and explaining why you need their data and what you intend to do with it?

So if those examples sound alarmingly familiar, then I have two words for you - Go Digital.

Seriously, if you look at it, the real issue with GDPR and most electrical, plumbing and building businesses is that they rely on paper-based systems.

Paper-based systems make it practically impossible to fully comply with GDPR. Digitising your business, instead of relying on paper, is not only good business practice, it also goes a long way toward GDPR compliance, whilst also outsourcing a lot of the operational costs and risks to the software providers you subscribe to.

If the risk of a big GDPR fine still isn't enough to get you motivated, then what are you doing about Making Tax Digital? It’s only a matter of time until businesses that are VAT registered and above the threshold will be required by law to keep their records digitally and submit VAT returns to HMRC digitally.

Xero have recently written a blog post on Making Tax Digital if this is the first you’ve heard of it. Check it out here.

Essentially, given GDPR and MTD, going digital is basically mandatory, so the only decision you need to make is whether you go digital now... or do you drag the chain and do it later, putting yourself under way more stress?

Here are my top 3 tips for getting started on the Going Digital journey.

  1. Talk to your accountant - they’ve been thinking about GDPR and MTD for a while now and will have plenty of useful advice on what to do next. If they aren't up to it, we can recommend one that understands the trade and construction space as well as the legislation (ask for a recommendation here).
  2. Check out Xero ASAP - great for getting your payroll and MTD filing sorted.
  3. Check out a Tradify demo here - digitise your scheduling, job tracking, time sheets, and customer and supplier contact details (plus save yourself a bunch of admin time every day).

Good luck!