With the launch of GDPR this year, even Santa and his elves have to consider data compliance – and a GDPR privacy policy. We take a festive look at what this might mean for the success of his unique international enterprise.

No business wants to have disappointed customers at Christmas. This means order details have to be recorded accurately and deliveries made on time – and this all takes personal data. So, what if you are one of the companies with the tightest deadlines and biggest customer base in the world?

How might GDPR data compliance, for instance, be an issue for Father Christmas?

Substantial data risk

Well, recent population statistics peg the number of people who are aged under 14 on the planet (arguably Santa’s primary target market) at nearly two billion. So, for Santa, a breach related to personal data could potentially represent a substantial breach in terms of GDPR compliance.

Of course, what personal data Santa holds on his ‘customers’ – and how – is up for debate. For example, a quick internet image search would suggest his ‘naughty or nice’ list holds only first names.

In the absence of any other details, couldn’t this come under the category of anonymised data? (And, while Rudolph and the other reindeer may help him navigate his sleigh, there’s no proof that the addresses they use are held anywhere but in Santa’s head.)

Check out Santa Claus’s GDPR privacy policy

Then there’s the issue of the letters. Are they shredded securely in lapland? Is the sub-processor elf under a GDPR-compliant agreement to do so?

The world’s children might include a wealth of personal information to make sure the gift they want gets to the right place. But surely a letter sent to the North Pole indicates consent to collect the personal information supplied (from both the child and the responsible parent posting the letter). However, in the absence of an explicit opt-in, this may be a grey area.

To be on the safe side, Santa could create a GDPR privacy statement for his ‘organisation’. The UK Information Commissioner’s Office (ICO) offers easy-to-follow advice on what to include.

By way of illustration, we’ve prepared some potential (and purely hypothetical) text that St. Nick might want to consider:

This is Santa Claus's GDPR privacy policy
This is the second part of Santa Claus's GDPR privacy policy

All references to companies are purely fictional and have no affiliation with existing entities. Postal address courtesy of Royal Mail.

Your own next steps

Ready to draft a GDPR privacy policy for your own business? The ICO offers a template that can be a useful starting place.

With your GDPR privacy policy in place, you’re ready to communicate it to your customers. They’ll understand how you use their data and be reassured that you take their rights seriously.

Compliant data capture: an easy option

Alongside a robust data privacy strategy, of course, any data you collect must start on a firm footing when it comes to GDPR compliance. Using a data capture app can help you here.

A data capture app allows you to create customised and GDPR-compliant permission statements that include positive opt-ins automatically. It will also validate all data you collect at source, eliminating inaccuracies, to ensure the data you collect is correct and clean.

Don’t take the chance of a data disaster.

Get in touch today to find out how Gather can help your business collect clean, crisp data this Christmas.

Take the first step towards valuable data

With our Data Capture app and Data services team on offer we provide all the tools necessary to unlock the value in your customer data

Get in touch

Stay up to date with Gather