<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=981514&amp;fmt=gif">

How to stay GDPR compliant when collecting customer data 

Posted by Nicky Hawkins on Apr 12, 2019 11:57:31 AM

How to stay GDPR compliant when collecting customer data 

Businesses run on data, but the strict directives of GDPR require companies to change how they acquire information linked to identifiable living individuals. Enterprises must comply with GDPR to avoid harsh penalties, and that may mean changing the way they collect customer data. Clearview provides GDPR consultancy services that help businesses implement the regulation while getting the information they need. Companies can do a few things to ensure that they collect personal data from customers without violating their privacy.

Guide To GDPR Compliance Best Practice - Long CTA


Whether customers are answering surveys or opting into an email newsletter service, they have to understand the action clearly. Users must know why a company requires personal details, who will access the information and what type of data they have to submit. A business should define its interests accurately to make it easier to target the right people for data. Customers must also know they have the right to withdraw consent. It should not be hard for individuals to revoke consent when they need to. If a company has any contractual obligation with customer information, then data subjects should be aware of this.

In some situations, it is not sufficient for a company to gain implicit consent, it must be explicit. Website cookies, for instance are some of the features that require explicit consent under the GDPR's purview. Businesses have cookies on their websites to track various user actions for marketing purposes. With the GDPR, EU websites must ensure that visitors actively accept cookies rather than just informing them that the site uses cookies. When it comes to explicit consent, a business must ensure that it uses verifiable methods. The language should also be concise and easy to understand.

Likewise, personal data should only be used for the purpose it was collected. Just because a lead provided their email address for a product enquiry does not mean they can be added to a sales database for another service. They would have to actively opt-in to these communications.


When collecting customer information, an enterprise must make the process as uncomplicated as possible for users. Data subjects should not have to go digging through the terms and conditions to find the consent form. Pre-checked opt-in boxes are easy to overlook so a business should no longer be using them. Website visitors should also know where a data controller and processor stores information. It helps for a business website to provide the security measures it uses to safeguard customer data.

Help with GDPR compliance

Besides individual consultancy services, we also offer online compliance training for GDPR and supporting data protection legislation. Companies must ensure that employees are aware of the GDPR and how to remain compliant. They must understand how to collect customer information across different platforms while still protecting it. Check out our GDPR compliance eLearning course for more information.

Guide To GDPR Compliance Best Practice - Small CTA

Topics: GDPR/Data compliance

The Clearview Blog

Find the best tips, tricks and news about business management and support software. Enjoy the educational articles by our experienced and knowledgable team.
New call-to-action

Follow us

Download the Infoboss brochure

Subscribe Here!

Recent Posts

Download the complete strategic planning toolkit
Best Practice Guide To Risk Management