Map your data and list your purposes

We are talking about personal details about an individual. Think about what you store, where you store it and what you do with it.

• What data do you have?
  • Name
  • Address
  • Email address
  • Telephone number
  • Age
  • Other

• Where do you keep it?
  • In a database (computer)
  • In spreadsheets (computer)
  • In a locked filing cabinet
  • On a shelf
  • In a drawer
  • Other

• What do you need it for?
  • Sending emails about…
  • Sending mailings about…
  • Might need it one day

Thinking about how you have answered the questions above, you should only be holding/storing personal information if you have a genuine reason to keep it. When the individual gave you their information, how did they think it would be used?

You should only be using the information for the reason it was collected in the first place and the individual needs to know why. It needs to be accurate and not kept longer than necessary. It must be stored securely, to avoid accidental loss or misuse of the data.

If you don’t have a ‘good’ reason for keeping the information, then you should delete/shred it.

As you read through these GDPR guidelines, it should become clear ‘what is a ‘good’ reason for keeping the information’.

GDPR Step 2