GDPR for Jewellers




Ok so before I start, just a quick note to say that I am not a lawyer and this is not legal advice. This is my advice based on my own research with GDPR which has involved reading the super long government document about it, researching different opinions online and picking out the key things that most jewellers/small business owners would need to know.

I hope it helps!


The Basics

GDPR is a law that relates to how we store and use data about people in our business (customers, staff, suppliers). 

The main features of GDPR are:

- Consent (that it is freely and explicitly given)

- Record keeping

- Privacy/protection

This is a relatively new law and there are many interpretations of it. There is no one ‘this is exactly what you should do’ document, which is why so many small business owners are confused (I hear ya!), even the ICO (Information Commissioner’s Office) themselves… I have called them a few times about it and there are lots of grey areas… so we shall do our best…

And not spend our whole life on it!

ISSUE: Getting Consent  

When collecting your customers’ information for email lists, purchases etc… you need to make sure you have their consent to do what you plan to do with it, which means:

Saying what you will send them when they sign up. If it is a marketing email list, say that. If it is taking their info so that you can send them a product, say that.


It is a great idea to build an email list for your jewellery business, so when you are doing it let customers know: “if you join this list we will send you regular updates on our events, offers and promotions.”

Give them the choice if they want to join or not.

That means:

  • NO PRE-TICKED signup boxes

  • No VIP list sign up that doesn’t explain what will be sent

  • And no sign up sheets at fairs that don’t outline what you will send them


Keep building an email list, keep collecting the customer info that you need to be an amazing, growing business. Just be clear, everywhere that I can sign up, about exactly what I am getting.

ISSUE: Allowing customers to unsubscribe 

There must always be a way for customers to unsubscribe. You would want this anyway. Using a platform like Mailchimp to manage your subscriptions will massively help with this and is highly recommended.


Use an email platform to manage your subscriptions. It is one thing off your to-do list.

ISSUE: Storing Customers Data Securely

It is important that any data we hold about our customers is essential. We don’t want to ask for their parents’ address if we don’t need it! It is also required that any data we hold is stored securely.

If you have order forms or loose sheets with personal data on them, these need to be kept in a secure place such as a locked cabinet. Do question if you really need them; if you don’t, be sure to destroy them using a shredder or similar method.

Make a note of what your processes are around this, that way in the very unlikely event you may be investigated, there is a clear system for how you store and protect data you have to keep.

For storing customers’ info online, you need to check with your website provider if they have a secure GDPR compliant system. Most of the big ones will. If you are storing other necessary data online, something like a locked Dropbox with secure passwords is a great option.

Imagine that it was your data that another company had: you wouldn’t want cyber bullies to get hold of it. With this in mind, put measures in place to keep it safe.


Check your storage of customer data, and consider a locked space for paper versions and/or a secure Dropbox account online for any forms or info you need to keep hold of. If all your customers’ info is stored on your website, you are probably protected, but do double check with your provider.

I would also recommend getting anti-virus software on your computer to reduce the risk of a data hack. We are small but these things can happen to anyone.

ISSUE: Storing any staff/contractors data securely

Same as above – if you employ people or work with contractors their data needs to be treated in the same way.

Another point is that if someone (customer/supplier/staff) asks what data you hold on them, you legally have to tell them within a month.


It’s the same as the point above. Store all data securely and destroy it if you don’t need it.

ISSUE: Recording where the data came from

How, when, where did I join your list?

As part of GDPR you need to keep a record of how people joined your list. Or how you were given their data.

If using Mailchimp, they will have an automatic record for you on the system. If they are joining through a physical sign-up sheet, make sure you keep a record of the date and place that they signed up.

This also applies to your website, which will record customers’ information and when they signed up.


Again, use an email marketing provider like Mailchimp to help you keep an automatic log of who joined, where they joined and when.

If you use paper-based sign-up sheets, make a note on the list of the date and place when the details were collected. Then store this list in a locked cupboard, or enter the information into Mailchimp or a digital document stored safely (Dropbox) and then destroy the hard copy.

ISSUE: Updating your policies

Ideally you should already have a page on your website or Etsy site that states clearly what your policies are regarding your business. This is where you should specify:

  • How secure your site is when collecting and transferring data like payment details

  • What happens when your customer places an order, e.g. how you will process an order, what happens if the item isn’t in stock etc.

  • Your policy when it comes to any promotion you might run - when they apply and when they don’t

  • Your policy when it comes to delivery and returns

  • Your copyright and trademark statement

  • And finally other legal stuff like disclaimers and liabilities

This is where you will now need to add a section about GDPR to state clearly that you are compliant with the new regulations on data collection and storage and strive to keep up to date with the latest guidelines.


Take a look at what other retailers are doing.

Have a look at Etsy’s policies as well as some smaller retailers or jewellers. Etsy’s policies will be super watertight and very exhaustive, but a smaller retailer with less customer data on file will probably only have a brief section.

Then craft your own version for your website. It doesn’t need to be a big section, only a short paragraph or two. There are no hard and fast rules, and most micro business owners will be creating their own. If you are concerned you may want to ask a lawyer to draft it for you.
