Search Our Site

We have 2,982,938 registered online learners.
745 new learners so far today.

GDPR in the food chain – do you know what it will mean for your business?

schedule 1 month ago by Jane Milton in Food Hygiene

Two chefs looking at tablet screen

I’m concerned as I speak to food businesses – from small restaurants to larger manufacturing businesses – that there’s a feeling the imminent GDPR regulations (25 May 2018) do not apply to them. In fact, the General Data Protection Regulations will apply to every business of any size and the penalties for breaches are high – up to €20 million or 4% of turnover – so businesses can’t afford to overlook it.

So, as a food business, the GDPR will have an impact on you. On an individual level, it should mean you will get less unsolicited mail and calls, people should not be able to buy your data as easily and they shouldn’t be able to communicate with you without your permission.

From a business point-of-view, you will need ensure your business operates in such a way as to prevent these things from happening to those you hold data on, so it’s important to make sure you can prove that:

Any personal data your business holds is essential to the business

This relates to employees, suppliers, engineers that service your equipment, customers and any individual on whom you hold data. That means your database needs to be cleaned and updated regularly – you cannot just add someone‘s details and hold them indefinitely. Under the GDPR, IP addresses, social media posts and photographs are also counted as personal data, along with information you may already expect, such as telephone numbers, email addresses or postal addresses.

You have policies and procedures for protecting personal data

Access to personal data from within your organisation should also be responsibly thought through.

The businesses you work with are also GDPR compliant

This relates to all businesses you might work with, such as suppliers, engineers or organisations you may use to store your data, or back up your database, off-site.

Everyone on your database has opted in and that you uphold their rights when it comes to accessing their data and objecting to its use

For instance, if somebody gives you a business card at a trade show, it does not mean they have automatically given you permission to contact them about your products – you will need to have a record of the consent they have given you and how they have agreed to you using that data. It may be simplest to have an electronic consent form for them to sign up to at trade shows available on your phones or tablets.

You are able to remove personal data or are able to update it within your database

If someone asks you to stop mailing them or calling them about a particular service you offer, you will need to be able to remove their personal data or update the information on your database to instruct how their data can be used – such as when and how you will contact them.

You are able to remove any personal data your business holds on someone

Under the GDPR, data subjects have the ‘right to be forgotten’. So you must be able to remove personal data safely and totally from your system, if the data subject requests to be erased or forgotten.

Your business gains consent in the correct way

Companies can no longer use pre-ticked or opt-out options to gain data consent from customers. A clear, positive opt-in tick-box must be used. It also means that mailings need to have clear and simple unsubscribe processes.

The wide-ranging nature of these regulations means it’s not wise to leave it until the last minute to implement any changes. Here are nine basic steps you should complete to prepare for May 2018:

1. Recognise who your Data Protection Officer (DPO) is within the business – this is your data gatekeeper. If your business has fewer than 250 employees this is not compulsory, but it is always easier when someone champions a project.

2. Make sure everyone within the business understands what GDPR does for them as an individual and how it affects how they collect, store and use data at work.

3. Clean your database and remove any information you know is no longer relevant.

4. Ask everyone whose data you want to store if you can continue to keep their information. Tell them how they can see what information you’re storing on them, how you will store it, what specifically you will use it for and how they can have that information removed or altered.

5. Make sure that, for each person’s data, you store the permissions you are granted and can show them if required.

6. Have clear business privacy policies and make sure they are accessible to all employees.

7. Regularly maintain your database and train your staff in their GDPR responsibilities.

8. Make it simple for people to request to be removed from all the communications you send.

9. Report any data breaches, whether internal or via an external company, to the Information Commissioner’s Office (ICO).

Above all, take action now. Get the information on what you’re required to do from a reliable source and start preparing your food business for the GDPR legislation before it’s too late.


Related resources

Jane Milton for Virtual College

Author: Jane Milton

Jane Milton has built a reputation working in the food industry for over 30 years, growing food business by working with producers, innovators and retailers, helping them develop ideas and bring them to market, cost effectively , quickly and successfully.

CPD
Investors
ISO 9001:2015
Microsoft
Crown Commercial Service Supplier

Contact

+44 (0)1943 605 976

info@virtual-college.co.uk

Marsel House

Ilkley, West Yorkshire

LS29 8DD

Awards for footer
Gold and silver award winners at the Learning Technologies Awards 2017 - including gold for excellence in the design of learning content.
Live Chat

Click to chat

Login

We launched a new website in February 2017. If you want to go back to a course, or start a course, bought before this date then you may need to login to our original learning management system. Otherwise, please proceed to our new learning management system to return to your training.

LMS

You are already logged in. Click the button below to be taken to your LMS dashboard. Alternatively, click logout to leave the system.