If you work with international guests and partners, you'll need to store their data, which means you need to understand international data protection regulations and have strategies in place to comply with them. Here are some guidelines that can help you with compliance:
1. Understand the global market you work with and find out the specifics of the respective data protection acts, e.g. working with EU citizens requires referring to the GDPR. When you review these regulations, consider whether and how they differ from your current data protection strategies. A few practical examples of areas to review include:
1.1. Review how you seek, record and manage consent, and whether you need to make any changes to that process. There may be many areas in your business to review, so making an inventory list of those areas is a good idea.
1.2. Review your consent form. You will need to explain your lawful purpose for collecting the information you are asking guests for at sign-in, e.g. regulatory information for medical emergencies.
1.3. Check your procedures to ensure they cover all the rights that individuals have, including how you would delete personal data or provide data electronically and in a commonly used format. The GDPR includes the following rights for individuals:
– the right to be informed
– the right of access
– the right to rectification
– the right to erasure
– the right to restrict processing
– the right to data portability
– the right to object
– the right not to be subject to automated decision-making including profiling.
1.4. Consider how you will manage the right to erasure, taking into account the lawful basis for holding the data, such as a contact being linked to a valid invoice.
1.5. Consider how you will present profile data to the contact should they exercise their right of access.
2. Consider the areas where you curate and store personal data. Review your policies and processes in each of these areas.
3. Check for regular updates to regulatory information and review any gaps in your current processes.
4. Consult a lawyer or a qualified Data Protection Consultant to obtain data protection advice applicable to your business.