No business wants to have disappointed customers at Christmas. This means order details have to be recorded accurately and deliveries made on time – and this all takes personal data. So, what if you are one of the companies with the tightest deadlines and biggest customer base in the world?
How might GDPR data compliance, for instance, be an issue for Father Christmas?
Substantial data risk
Well, recent population statistics peg the number of people on the planet aged under 14 (arguably Santa’s primary target market) at nearly two billion. So, for Santa, an incident involving personal data could potentially represent a substantial breach in terms of GDPR compliance.
Of course, what personal data Santa holds on his ‘customers’ – and how – is up for debate. For example, a quick internet image search would suggest his ‘naughty or nice’ list holds only first names.
In the absence of any other details, couldn’t this come under the category of anonymised data? (And, while Rudolph and the other reindeer may help him navigate his sleigh, there’s no proof that the addresses they use are held anywhere but in Santa’s head.)
Then there’s the issue of the letters. Are they shredded securely in Lapland? Is the sub-processor elf under a GDPR-compliant agreement to do so?
The world’s children might include a wealth of personal information to make sure the gift they want gets to the right place. But surely a letter sent to the North Pole indicates consent to collect the personal information supplied (from both the child and the responsible parent posting the letter). However, in the absence of an explicit opt-in, this may be a grey area.
To be on the safe side, Santa could create a GDPR privacy statement for his ‘organisation’. The UK Information Commissioner’s Office (ICO) offers easy-to-follow advice on what to include.
By way of illustration, we’ve prepared some potential (and purely hypothetical) text that St. Nick might want to consider:
All references to companies are purely fictional and have no affiliation with existing entities. Postal address courtesy of Royal Mail.
Your own next steps
Compliant data capture: an easy option
Alongside a robust data privacy strategy, of course, any data you collect must start on a firm footing when it comes to GDPR compliance. Using a data capture app can help you here.
A data capture app allows you to create customised and GDPR-compliant permission statements that include positive opt-ins automatically. It will also validate all data at source, eliminating inaccuracies, to ensure the data you collect is correct and clean.
Don’t take the chance of a data disaster.
Get in touch today to find out how Gather can help your business collect clean, crisp data this Christmas.