Client Notes, GDPR, and Privacy
The world is abuzz with all the news and implementation of GDPR (General Data Protection Regulation). It’s important, it’s needed, and it is a bit scary, but it doesn’t need to be.
There are a lot of very smart people out there with very good explanations about it and what you should do about it.
Here is the regulation at the source:
European Union GDPR
The main thing it addresses is how we communicate with our people and how we respect their information.
Most likely you have received a lot of emails informing you about updated privacy policies and giving you the opportunity to reaffirm your desire to keep receiving emails from them. You’ll receive something like that from me, most likely along with the link to this blog post.
The consent part of GDPR is simple and well-advertised. Send emails only to people who want to hear from you, but what about the “keep your people’s data safe” part? How do you do that? The answers are varied and again really smart people are working on it.
The first step for us regular people is to know what information we have and where we keep it.
The email account is really the initial hub of your communication. All your contacts are listed in one place and can be kept up to date. This is where many of your people will enter your data collection system.
They send you an email and you get their email address automatically. You meet them at an event and they give you their phone number and ask you to call so you enter that information into your phone and it can sync to your email system.
To be safe and to protect your people’s privacy
- Use a secure password and 2 Factor authorization for your email account
- Keep your phone locked at all times
- Have a screen lock on your computer
Your Website
Websites are complicated things. I have a WordPress website and have several plugins that I make sure are legit and up to date.
When someone signs up for a website membership or buys something on a website personally identifiable data is collected to help them interact with the site.
Name, email address, IP addresses, physical locations, and credit card information are all examples of sensitive information stored on website servers. Most of us who have websites use other companies to keep the information safe. This is where you really want to do your research and make sure you are working with legitimate and responsible companies.
To be safe and to protect your people’s privacy
- Use a secure password and 2 Factor authorization for your website access
- Research any plugins you use for legitimacy and how well the company maintains the security.
- Stay up to date with updates and security – If you don’t understand what this means have your website people do it. It is important.
Your CRM and ESP
To keep track of how you communicate with your people you may use a Contact Relationship Manager (CRM) to organize your client notes, tasks, and communications, or you may just use an Email Service Provider (ESP) to send out your email newsletter. They will help you manage your email marketing list so you don’t accidentally email people who don’t want to hear from you. They will take care of unsubscribes and opt-outs automatically.
To be safe and to protect your people’s privacy
- Use a secure password and 2 Factor authorization for your CRM or ESP
- Regularly audit your list for inactive members and old data
- Become comfortable with importing and exporting data
Your Client Notes
It is a good idea to have a trusted cloud drive to store files, contracts, and other miscellaneous things. You may need to use it for client files if you don’t have a full CRM system set up or you may need a way to share documents with your clients or team.
To be safe and to protect your people’s privacy
- Use a secure password and 2 Factor authorization for your cloud storage accounts
- Be deliberate and thoughtful about how you share information on your cloud drive
Your Passwords and Your People’s Passwords
This one can get you into a lot of trouble if it is not managed carefully. In this world, we have dozens of passwords and our clients have dozens of passwords.
Sometimes we need to share access and are tempted to just give out the password to an important system. Don’t do this. Not to your kids, not to your assistant, and not to other team members. Also, do not let others share their passwords with you.
The safe way to share access is to use a password manager like Lastpass. It seems scary at first to trust a password manager but back in the day, it was also scary to trust banks. Today, the job of a password manager is to protect your passwords. That is what they do, and that is what they are good at. I can assure you that they will do a better job of it than you can.
To be safe and to protect your people’s privacy
- Use a Password Manager
- Use a secure password and 2 Factor authorization for your password manager
- Get comfortable navigating and sharing access using your password manager
Your Backup System
It is important to have a backup of your contact database and your files in case one of your systems fails. A good backup program like Carbonite can protect you from losing all your data, and your client’s data if there is a loss.
Like a password manager, a backup system can help keep your stuff safe.
To be safe and to protect your people’s privacy
- Set up an off site back up system
- Use a secure password and 2 Factor authorization for your back up system
- Make sure your backup system is set up correctly
Other stuff
There are of course more places where you can keep client data. It would be wise for you to do an audit of your systems and think it through.
Where do you keep all your stuff and your people’s stuff and is it safe?
To be safe and to protect your people’s privacy
- Do an audit on your systems and make a list of all the places where you keep client data
- Take the steps to make your systems more secure and respectful of people’s data
And FYI, here is a link to the privacy policy at Luxcentric
Don’t let your technology bully you!
Thanks. It wasn’t on this post so I will keep an eye out for it.
I think you misspelled the word “maintanence” on your website. If you want to keep errors off of your site we’ve successfully used a tool like SpellPros.com in the past for our websites. A nice customer pointed out our mistakes so I’m just paying it forward :).
Thank you 🙂 I am so glad you found it useful.
What an incredibly thorough post! GDPR can be so daunting. This definitely helped.