It seems that everyone is talking about General Data Protection Regulations (GDPR) at the moment, so we thought it would be worth letting you know how we look after our clients' data and giving some tips about what you need to do with the data that you keep.
We have to keep client contact info so that we can keep in touch about projects and any updates we may be making to our servers and software. All of our data is stored securely with restricted access and we certainly don't pass it on to anyone else.
What you can keep
If you have a customer contact form on your website, or are selling online, you will be keeping that contact info on a database which is part of your site. You can keep this data for business purposes, like replying to enquiries or invoicing customers, and you have to keep financial info as required by HMRC.
However, you can't give this information to others, or use it for marketing purposes, without the express permission of the individuals concerned. This can't be a box that is already ticked saying 'I am happy to receive marketing stuff', which an individual needs to untick in order to remove permission, and it can't be a note declaring that by agreeing to the website's general terms and conditions, you are also agreeing to be marketed to. It has to be a clear, specific option for the individual to choose to 'opt in' to your marketing activities. This is relatively easy to add as a checkbox on any contact form on a website.
Where to get advice
You will also need a data protection policy on your site. If you are not sure what it should look like, the ICO has some great advice. Even better, if you are a member of the FSB, they have some very useful policies that you can use as a guide for free.
Please remember, the main thing about GDPR is that its purpose is to keep people's data safe, make sure that people are not sent unwanted marketing material and that they have the right to say what others do with their data. Just general good behaviour really.