You may not realise it, but as a small agency owner or self-employed freelancer, the data you collect and store could be at risk – whether that’s your clients’ contact information, a supplier’s payment card details, or an invoice with your home address on.

And while this kind of data processing isn’t on the same scale as the information that giants like Amazon, Microsoft or Apple might have to deal with, you still need to treat it with the same care.

“But it’s only me in the business, so the rules don’t apply”

Regardless of whether you manage a team of one hundred or just yourself, every business must follow GDPR. This means you’re expected to:

  • Be transparent about what you do with the data you hold
  • Only collect what’s necessary
  • Keep your data accurate and updated
  • Destroy data once you no longer need it
  • Protect it from loss, misuse, or theft

You’ll also need to store it securely and have policies in place around accountability – for example, to show how your business would respond if data were stolen in a cyber attack.

“What do I need to do?”

First things first, you’ll need to complete a self-assessment checklist to find out if your business will need to pay a data protection fee, and how much that might cost. You can do this easily through the Information Commissioner’s Office website.

Once you’ve sorted out the logistics of data protection and collection, though, it’s important to follow these five basic steps:

1. Know what data you’re storing

Conduct an audit of your current data collection processes. Are you asking potential leads to submit their work emails through an order form on your website? Are you taking payments via an invoice with your client’s address on it, or through a recurring direct debit? You need to know, at every stage of the customer journey, what information you’re asking for and why.

2. Don’t keep more data than you need

When you go through the initial client onboarding process, you might naturally make note of information like their phone number, date of birth, home address, and more. But if you eventually realise that much of this data is redundant, there’s no reason for you to hold on to it and expose it to potential risk. Ensure that such data is automatically destroyed (say, after a 3-month period) to avoid keeping superfluous information on file.

3. Store your data securely

Once you’ve figured out what data you need and what data can be deleted, you should uphold the latest data protection regulations. That means using strong passwords, implementing two-factor authentication, limiting shared access to files with sensitive data, and carrying out regular backups.

4. Write a privacy statement

This might feel like overkill for your one-man band, but a privacy statement containing all of the above information helps your clients self-serve when it comes to getting answers about how their data is being protected. Being able to prove that your client has signed and agreed to a privacy statement provides you with protection should your data practices be questioned.

5. Understand subject access requests (SARs)

Your clients, customers, contractors, and suppliers have a right to know what data is being held about them. They can make an SAR at any time, but you’ll have to respond within a month. Keeping your data stored safely and efficiently should help you to respond in full and in a timely manner.
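Steps 1, 2 and 5 above can be backed by a small script, shown here as an added example that is not part of the original article: an inventory of each field and why it is held, a retention sweep that purges idle records after the three-month window and strips non-essential fields, and an export that answers a subject access request. The record layout, field list, retention window and sample clients are assumptions for illustration.

```python
from datetime import date, timedelta

# Inventory of every field held, why it is held and whether the service
# needs it (assumed layout for illustration; adapt to your own records).
INVENTORY = {
    "email": {"purpose": "invoicing and contact", "essential": True},
    "postal_address": {"purpose": "invoice address", "essential": True},
    "phone": {"purpose": "onboarding call", "essential": False},
    "date_of_birth": {"purpose": "no purpose recorded", "essential": False},
}
KEYS = {"client_id", "last_activity"}  # record bookkeeping, always kept
RETENTION_DAYS = 90  # the article's three-month window

def minimise(record: dict) -> dict:
    """Keep bookkeeping keys and essential inventory fields; drop the rest."""
    return {k: v for k, v in record.items()
            if k in KEYS or INVENTORY.get(k, {}).get("essential", False)}

def retention_sweep(records: list, today: date) -> tuple:
    """Purge records idle longer than RETENTION_DAYS, minimise the rest,
    and return (surviving records, audit log) so the run can be evidenced."""
    cutoff = today - timedelta(days=RETENTION_DAYS)
    kept, log = [], []
    for r in records:
        if r["last_activity"] < cutoff:
            log.append(f"purged client {r['client_id']}: idle since {r['last_activity']}")
            continue
        slim = minimise(r)
        dropped = sorted(set(r) - set(slim))
        if dropped:
            log.append(f"minimised client {r['client_id']}: removed {dropped}")
        kept.append(slim)
    return kept, log

def subject_access_export(records: list, email: str) -> dict:
    """Answer an SAR: every field held about the subject and why it is held."""
    for r in records:
        if r.get("email") == email:
            return {k: {"value": v, "purpose": INVENTORY.get(k, {}).get("purpose", "record key")}
                    for k, v in r.items()}
    return {}

# Constructed sample records and sweep date, not real client data.
CLIENTS = [
    {"client_id": 1, "email": "a@example.com", "postal_address": "1 High St",
     "phone": "0100 000000", "date_of_birth": "1980-01-01", "last_activity": date(2024, 5, 1)},
    {"client_id": 2, "email": "b@example.com", "postal_address": "2 Low Rd",
     "last_activity": date(2024, 1, 1)},
]
SWEEP_DATE = date(2024, 6, 1)
```

Run `retention_sweep(CLIENTS, SWEEP_DATE)` on a schedule and keep the returned log: it is the evidence that redundant data was destroyed, and the surviving records are what a subject access export is answered from.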

Protect yourself and your business with Fasthosts

Not sure where to start? We don’t blame you. As a busy freelancer or one-man band, you’re already spinning a lot of plates, so don’t let data protection make it all come crashing down.

Fasthosts is here to support you with our Acronis-powered Cyber Protect solution and 24/7 customer support from our experts. The best part? If you’re a Gloucestershire-based business you can get all this, plus a free domain, email, and web hosting. Get in touch today to claim your package.