Are your IT systems GDPR compliant?
It’s essential that your systems have some way of restricting access to the information they hold, granting permission only to authorised individuals. Better still, many software producers have updated their services to be GDPR compliant.
We recommend the Sage line of products, particularly Sage 200. It’s an enterprise resource planning system that helps SMEs manage the full range of business functions, including inventory, accounts and CRM.
But while this (and software like it) is a very valuable tool for collecting and analysing data, it’s only as effective as the user. GDPR states that you must delete all non-relevant data held on individuals, and that’s your responsibility. (We have published a guide to doing this in Sage - contact me for a free copy.)
Another important factor is the security of your customers’ credit card and payment details. We don’t recommend handling credit card details yourself. SagePay, for example, syncs perfectly with Sage 200 and offers an advanced level of encryption and security. It’s also important to note that outsourcing your data doesn’t relieve you of any responsibility - it’s up to you to ask questions of any third party handling information on your behalf.