5 GDPR KEY ACTION POINTS FOR LOCKSMITHS
If you deal with customers, no
matter how small your business is,
you will soon need to comply with the
General Data Protection Regulation
(GDPR) regarding the collection, storage
and usage of personal information. This
applies to e-mails, addresses, names and
telephone numbers.
There will be penalties for not
following the GDPR guidelines.
Insolvency will be a real risk for non-
compliant businesses due to fines.
Individuals can also sue you if they suffer
because of your data management. This
could be for material damage or non-
material suffering, such as distress.
It might sound scary and like a burden,
but in general following GDPR rules
can show your potential and existing
customers that, as a locksmith, you are
keen to respect their rights over their
personal information. No one likes having
their data misused, lost or stolen, and doing
everything you can to protect your
customers and grow their trust is always
a positive.
WHAT IS GDPR?
GDPR is built around two key
principles.
1. Giving citizens and residents more
control of their personal data.
2. Simplifying regulations for
international businesses with a
unifying regulation across the EU.
START DATE
GDPR will be effective from 25/05/18.
GDPR CHECKLIST FOR LOCKSMITHS
1. Customer data. You need to collect
personal data (e.g. name, address,
email, bank details, etc.) and
ensure that customers give you
consent to process the data if
you will be using this data for any
marketing activities.
The consent needs to be clear, specific
and explicit. Your consent statement
should describe:
• Why you’re processing their personal
data (the purpose), including the
legal basis you have, such as
consent (check the ICO’s privacy
notices page for more information)
• The categories of recipients you
may be sending the personal data to
(customer, employee, supplier, etc.)
• Use a positive opt-in (don’t rely on
pre-ticked boxes or default options)
• Explicit consent means a very clear,
specific statement of consent
• Keep your consent requests separate
from other terms and conditions
• Make it easy for people to withdraw
consent (and tell them how)
• Keep evidence of the consent (who,
when, how and what you’ve told
people)
For example, your customer will need
to sign a form which states:
“{your Company name} will use the
information you provide on this form to
get in touch with you and to call, e-mail
and send direct mail with marketing
updates. Please let us know all the ways
you would like to hear from us:
{check box} Phone
{check box} Email
{check box} Direct Mail
You can change your mind at any time
by clicking the unsubscribe link in the
footer of any email you receive from us,
or by contacting us at {add your e-mail}.
We will treat your information with
respect. For more information about our
privacy practices please visit our website.
By signing below, you agree that we may
process your information in accordance
with these terms.
{Place for signature}”
LOCKSMITHJOURNAL.CO.UK | MAY/JUN 2018
2. Internal security measures and
training. You’ll need to have an
internal document which clearly
explains to all employees (if you
have any) how you will need to
collect, process and store the
data. Ensure that your employees
understand what constitutes a
personal data breach and build
processes to fix it.
3. If a customer requests to delete or
amend data. Under GDPR each
request from the customer has a
timeframe and deadline of one
month from the original date of
the request.
4. Your website. If you use cookies on
your website or have a newsletter
subscription form, you need to make
sure that you amend the wording of
both.
5. Your e-mail database. If you have a
database of e-mail addresses, make
sure that you have clear recorded
consent from each subscriber. If you
don’t have sufficient consent, you
will not be able to send them mass
e-mails after 25th of May 2018. And
bear in mind that consent can no
longer be hidden in small print but
must be presented clearly, so no
more pre-marked boxes.
HELPFUL LINKS
The website and checklist below are
great resources for small businesses
looking to step in line with the GDPR.
ICO resource centre (small organisations
and the GDPR):
https://ico.org.uk/for-organisations/business/
ICO 12-step checklist:
https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf