Data protection laws are designed to protect the personal data that organisations hold on people, from staff and suppliers to customers.

On 25th May 2018, these laws, known as the General Data Protection Regulation (GDPR), will change, and all businesses across the EU will need to fully comply.

These new Data Protection laws will give EU citizens an even greater degree of control over their personal data and the way it's stored and used by companies.

As with all other businesses, this regulation will affect all operations and functions across the Grafton Group, from the way we market our services to new and existing customers, to the security of the data we hold on everyone we interact with throughout the business. While the Grafton Group is committed to ensuring we have the right systems and processes in place to protect personal data, we can't do it without your help.

Understanding personal data

We all have an important part to play in understanding what personal data is, how it can be used and what steps we'll need to take as a business to ensure that data is kept secure at all times.

So what constitutes personal data? In general, it means any information that can identify a person, whether it's simply their name, or more detailed information like their address or bank details.

Few of us realise just how much of our personal data is stored by the many businesses, retailers and organisations we've interacted with throughout our lifetimes.

Like all other businesses, the Grafton Group holds numerous types of personal data on everyone we interact with throughout the course of our daily operations. This includes data on our employees, our customers and our partners, including third parties, contractors and suppliers we use.

That's why we care about the safety of the data in our hands, and that's why it's vital to treat customer information with as much care as we would our own.

How do we store data?

So how might we store personal data, and what steps should you take to keep it secure? Generally, personal data could be stored in one of two ways: physically (on paper in files) or digitally (online or on devices).

Whether it's a business plan, financial report, account application or any other information which contains personal data, paper documents must be stored securely, away from desks and counters. All paperwork that contains personal data should be locked away or shredded once you have finished with it; don't let it pile up.

Digital data is now more commonplace in most offices and homes, and there are multiple ways in which it is stored. For example, you might keep computer files on your desktop or on your work or personal laptop, you may have access to trading or CRM systems, or you may send and receive personal data in emails to colleagues, suppliers or customers.

To keep digital data secure and to protect our systems from harmful viruses and hacking threats, we recommend following best practice for storing and securing digital data, not only at work but at home too, to ensure you keep yourself and your family safe.

In general, you should protect all files, including your laptop, PC and any USB sticks, with a strong password, and avoid storing your list of passwords on any of these devices.

If you use a mobile phone or device to access corporate email and data, whether it's your own or a company-provided device, you're still bound by the policies of the Grafton Group, so make sure it's password protected too.

With emails, be careful of opening anything that looks suspicious, sounds strange or comes from a sender you don't recognise, and avoid clicking on any links contained within the email. If you're unsure, delete it.

Increasing rights over data

The new Data Protection Regulation means that anyone we hold information about will have increased rights over how their personal data is used and stored.

As part of these regulations, customers might ask you to explain what their data will be used for. In most cases, it will be so that we can keep their account information up to date or to alert them to any in-store activities that might be of interest to them.

They can also request a copy of the information we hold on them (known as a 'Subject Access Request') and choose to opt out of any sales and marketing communications at any time, or change the channel of communication we contact them through.

In the meantime, if you have any queries, please contact your local Data Protection Lead or our Data Protection Officer.