Simple (hopefully) GDPR question
Discussion
My company only holds customer (and probably some lapsed customer) records on a single P.C. (we do have a data back-up!). This is purely used for invoicing purposes. We don't hold e-mail addresses - it's a local agricultural contracting business - and we don't do any marketing by e-mail or direct mail. We probably only have telephone numbers for about 50% of the customers on the computer (although they're all in my phone).
Do I actually need to do anything with regard to GDPR?
Not at all, a company is a legal person. Recommend getting a written policy in place, this should detail the reasons you keep the data, the process for deletion (along with 'proof' of deletion) and policy for deciding when to delete a record. This could be something like 12/24/36 months following last business transaction.
KevinCamaroSS said:
Not at all, a company is a legal person.
GDPR said:
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
If you're storing contact details for a specific person though then it does apply.
KevinCamaroSS said:
Not at all, a company is a legal person. Recommend getting a written policy in place, this should detail the reasons you keep the data, the process for deletion (along with 'proof' of deletion) and policy for deciding when to delete a record. This could be something like 12/24/36 months following last business transaction.
There is normally a 6 year limitation on legal action relating to contractual performance. I personally wouldn't delete data relating to the performance of any contract until that period has elapsed. If you have any form of professional indemnity insurance I would also consult with your insurers, as it may be they who carry the can and will need to advise what they want keeping and for how long.