GDPR is big news for the industry and, while the topic has been around for a few months now, many installers are still not up to speed. David Cook, Sales Director at Baxi, breaks down the most important information for you.

We’re only a few days in, as the General Data Protection Regulation (GDPR) officially came into effect on 25 May 2018 so, if you haven’t got your head around GDPR yet, you’re not alone. So what exactly is GDPR?

GDPR is a new data protection law, designed to protect you and your customer’s privacy. You’ll undoubtedly have noticed a flurry of emails in recent weeks, some of which will be from businesses you haven’t had contact with for years, and this is because the new rules have changed the way organisations can use your personal data.

Personal data is anything that identifies who you are: name, addresses, phone numbers, email addresses, as well as your medical information, and even cookies from the websites you browse. From a business point of view, this could be your customer list or contacts on your phone. Basically, it's that useful information you store to stay in touch with your customers.

The new law doesn’t just apply to large organisations like Baxi, it’s just as relevant to businesses like yours if you’re doing mass marketing activities. If you have a list of your current and past customers, this is considered data, so there are a few points you need to consider to make sure you’re staying on the right side of the law.

Old and existing customers

Even though old customers (say, those who are over two years old) might have said at the time that they are happy to hear from you in future, in order to keep in line with GDPR, you’ll need to get in touch to confirm they’re still happy for you to contact them. As for existing customers, as long as you have a clear paper trail about how they ended up on your contact list, you should be fine to use the information you have on file. To be on the safe side, delete any old, unused information, and be aware that your customers have the right to ask you to remove any details you might have about them at any time.

New customers

Going forward, any time you collect information – for example, a customer address when you’re starting a new job – you need to ask the customer directly if you can contact them in future and clearly explain the ways you are likely to get in touch. So, if you know you do annual service calls, or send out flyers detailing new services, you need to explain that to the customer and get their permission before you add them to your contact list.

Keeping information safe

The GDPR rules are pretty strict on keeping information safe and reporting any incidents which might put the privacy of that information at risk. This could be as simple as losing your phone or tablet, because anything which contains customer information and contact details comes under GDPR. Should this happen, or anything else, which means someone could get hold of your customer data, you’ll need to contact the Information Commissioner’s Office (ICO) in the UK within 24 hours, or 72 hours at the latest. To keep your information as safe as possible, be sure to password protect and encrypt any personal data you hold.

Be open

The new rules mean that customers can ask you to share what details you have on them at any time. Make sure you have that information available in a format which can easily be sent to the customer, whether that means an excel spreadsheet where you can quickly find and send individual details.

Playing by the rules can keep you safe from hefty GDPR fines. What’s more, keeping your customers up to date with how and why you keep and use their information can help strengthen your relationships.

At Baxi, we want to make GDPR as straightforward as possible for you. We have a dedicated support page for anyone looking for a guide to the principles of data protection and their obligations under GDPR, we have explained all the terms and definitions in plain English. Get clued up to stay compliant, and if you require any support you can also visit the ICO’s website.