Private Dave. Winning the data protection battle.

On a quiet weekday afternoon in Woodham, Simon, who doesn’t have anything better to do, decides to mind someone else’s business. As usual, the first person he thinks of is Dave, the unfortunate proprietor of FinalVinyl, so Simon pops into the main Woodham store. Bemused to find it apparently abandoned, he quickly becomes aware that somewhere behind the counter, hidden from view Dave is rummaging around, apparently treading water in a sea of papers.

“OK – I presume there’s a reason for this chaos” says Simon.

“Certainly is. I’m setting up a sort of loyalty scheme for my best customers.”

“And how, exactly, is this chaos contributing to that?”

“I’m just sorting out the paperwork.”

Simon laboriously extracts some of the details from Dave, namely that FinalVinyl is proposing to offer a loyalty discount to good customers, based on a sliding scale by which the amount of discount increases by correlation to the amount of money spent.

“How will you work out who your best customers are?”

It transpires that Dave has notes of the names, phone numbers and sometimes e-mail addresses of some of his repeat customers – the kind of people who leave their details with him if they’re on the lookout for some particular vinyl rarity. “I thought I’d just set up an e-mail circulation list and let everyone know. Shouldn’t take me more than an hour or so.”

“Sounds like a plan – and a sight better than just having names and addresses littering the shop. The data protection people would be apoplectic if they saw this.”

“No, it’s fine”, says Dave. This is just names and numbers and stuff. No bank details or anything confidential. And anyway, none of it’s on computer yet.”

“Wrong on both counts. Personal data is basically anything that can be used to identify someone. You’re not allowed to store personal data in any form unless you handle it properly. And believe me, scribbling names and phone numbers on little sticky labels and sticking them on the till does not count as proper handling.”

“What does count as proper handling, then?”

“There are some data protection principles you need to follow. Things like keeping personal data up to date, and accurate, secure, dealing with it fairly. I can’t remember them all, but I know how to find them.”

Dave hazards a guess: “Simplify the Law, maybe?”

“You’re learning.”

“So what do I do now, then? Do I have to register with someone if I’m holding personal data of my customers?”

“Not necessarily, though it’s not very difficult and it’s generally a good idea. Especially if you’re planning on increasing your online business. And then you’d need a privacy policy.”

Dave is wishing he’d never mentioned it.

“I wish I’d never mentioned it,” he says.

“Just as well you did”, says Simon. “Because even if you’re not required to register you’re still obliged to follow the data protection principles. You can be fined if you don’t. A privacy policy will help you organise yourself to do what you have to do anyway, and it will show your customers that you’re protecting their details.”

“And where will I get one of those?”

“Need you ask…? Now, we should have a word about cookies.”

Dave takes the hint, puts the kettle on and logs into Simplify the Law to draft his privacy policy. Five minutes later it’s ready, and he sets about protecting data for all he’s worth.

View the solution Privacy_policy button

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s