- Christel Land
GDPR for the self-storage industry: an introduction

GDPR stands for General Data Protection Regulation, which is a set of EU-wide data protection laws that come into force on 25th May 2018. These new and stricter data protection laws will apply to all organisations in Europe, including the UK, and they include several important changes to previous legislation. Here is an introduction to the most important points for self-storage companies to consider.
Governance
Not only must your business comply with GDPR, but you must also document that you comply. You will need to define your internal governance structure for data protection, review existing contracts with suppliers and ensure that staff are trained on the data protection aspects that are relevant to their role.
Consent notices
This is one of the places where, on a practical level, GDPR is very different to previous legislation. Your privacy consent can no longer be part of your general terms and conditions, and it needs to include more information whilst being written in language that is easy to understand. It also needs to be as easy for a customer to withdraw consent as it is for them to give consent.
The right to be forgotten
Customers have the right to request that you delete all data you hold on them. This can be easier said than done, and is a topic you should discuss with your software and IT suppliers to ensure they can handle these types of requests.
The right to data portability
A customer not only has the right to access and edit the data you hold on them, but also has the right to data portability. Specifically, this means that you must be able to provide this data in a commonly used, machine-readable format. This is also a point to discuss with your suppliers of software and IT.
Record of Processing
Whenever personal data is processed, there needs to be a record of this processing, and the record needs to contain a certain amount of information about what was processed, when, by whom and why.
Privacy Impact Assessment
Whenever you make a technological change that affects the use of personal data, a Privacy Impact Assessment needs to be carried out. With a good template in place, this doesn't need to be hugely time consuming, but it is important that you can document that the assessment has been carried out.
Data breaches
In certain circumstances, you might be required to inform your customers or even local authorities of data/security breaches. It is important that you know what those circumstances are, so that you can comply with the GDPR requirements if your IT environment is subject to a breach.

What if...?
Under the GDPR, fines and penalties are considerably increased compared to the existing legislation. Fines are up to 4% of global annual turnover, or €20 million, whichever is higher. Alongside your efforts to get your business compliant, it is a good idea to review your insurance coverage, so that you are covered in the event of larger security breaches and the like.
Documenting the smart way
A big part of GDPR compliance is being able to demonstrate that you consider data protection in every aspect of your business. This documentation task can feel overwhelming, but it doesn't need to be. There are tools to help you make the documentation process as efficient as possible, and it is a good idea to manage your documentation in a system that allows for version control, so that you can easily make changes when needed, or go back to previous versions when you want to.
Join our webinar to get the party started
There is only so much we can share about GDPR in a short blog like this, but if you would like to learn more about GDPR for the self-storage industry, why not join our free webinar on the 8th of November? It is at 9.30 GMT and 10.30 CET and lasts for about 30 minutes; the last 10 minutes will be dedicated to answering your questions about GDPR for self-storage.