Privacy Rules Your Business Must Operate By

September 17, 2018


Have you determined that GDPR does not apply to your business?

Congratulations if you have. But remember that you must still follow the privacy or data protection requirements of non-EU jurisdictions: privacy laws and regulations outside the EU have been, and are still being, amended to include rules very similar to those of the EU’s General Data Protection Regulation (GDPR). Preparing ahead will protect your business from liabilities and stiff regulatory penalties.

As a general privacy or data protection practice, consider the following rules if your business uses or stores personal information.

Personal information includes, for example, the personal information of employees, customers or clients, members, and users or account holders. Privacy or data protection rules apply when you’re collecting and handling personal information such as:

  • transactional information from customers
  • job candidates’ personal information
  • employee records
  • personal information used for marketing products or services
  • video (CCTV) and other employee-monitoring or surveillance
  • giving customers’ personal information to a third-party company to complete a purchase or order
  • sending direct marketing to individuals, in which case you must provide an unsubscribe link and make it easy for individuals to exercise their right to opt out of direct marketing



Here’s what you must tell people you collect personal information from:

  • Tell them who you are
  • Tell them the business reason behind you collecting their personal information
  • Tell them how you’ll use their personal information
  • Tell them if you’re sharing this information with other organizations
  • Tell them about their rights and choices:
  1. that they have the right to see any information you hold about them
  2. that they can correct it if it’s wrong or incomplete
  3. that they can request their personal data be deleted
  4. that they can request their data is not used for certain purposes

You can provide this ‘notice’ on your website’s privacy policy.



The key principles of privacy or data protection your business must follow are:

  1. Lawfulness, fairness and transparency: You must be open about what you’re doing with personal data, and it must be legal.
  2. Purpose limitation: You must have a specific, explicit, and legitimate purpose.
  3. Data minimization: You must limit the personal data you collect to what is relevant to the specified purpose.
  4. Accuracy: You must keep personal data up to date, and corrections must be made without delay.
  5. Storage limitation: You must not store personal information longer than is necessary for the purposes for which it is processed.
  6. Integrity and confidentiality (security): You must make sure personal information is kept safe from unauthorized disclosure and alteration.
  7. Accountability: You must be able to demonstrate that you comply with the privacy and data protection principles and requirements of the relevant jurisdictions.


What if enforcement authorities show up?

If a privacy or data protection enforcement authority comes knocking or makes inquiries about your personal information processing activities:

  • Be ready to show and tell the data protection authorities how your business collects and uses personal information


What if you receive complaints or requests from individuals whose personal information you process?

  • Be ready to respond to individuals who want to view what information you have about them or want to exercise their rights

What if you don’t know what to do?

  • Get advice from a privacy/data protection expert.


Photo courtesy: Adeola Eletu, RawPixel, Mike Petrucci, and William Stitt
