Difference between revisions of "Your Data Protection Program and bxp"

From All n One's bxp software Wixi

Jump to: navigation, search
(Created page with "= Overview = Data Protection is an essential part of any business solution that retains potential and existing customer data. It is important for you to know what you're e...")
(No difference)

Revision as of 20:58, 1 February 2016

1 Overview

Data Protection is an essential part of any business solution that retains potential and existing customer data. It is important for you to know what you're entitled to keep and not to keep and for how long. It is also important to know how bxp can help you in adhering to your legal requirements.


This article provides an outline program to help you navigate what bxp can do for you.


2 PII

Personally identifiable information (PII) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII. https://en.wikipedia.org/wiki/Personally_identifiable_information


Predominantly a US concept, the term equally applies globally and will be used throughout this article.


3 Laws

It is important for you to understand the data protection laws that apply to your country and your data. We provide an article to help you navigate this complicated area. Data_Protection_and_Data_Retention


If you feel more comfortable chatting to an experienced practitioner of the area, then get in touch with us at sales@bxpsoftware.com and we'll help to find you someone appropriate to help.


4 The program

4.1 PII fields

So at this stage, you recognise that you have some requirements upon you that you need to comply with. You understand the types and period of data that must be kept and that which must be removed. Generally information will now be clear to identify as PII and not-PII information.

Take for example, the following list of fields:

  • Firstname
  • Surname
  • Street
  • Area
  • County
  • Country
  • Phone
  • Email
  • Industry worked in
  • Number of children
  • Children's names


As you have probably worked out there is PII and non-PII information in that list.


  • PII - Firstname
  • PII - Surname
  • PII - Street
  • Non-PII - Area
  • Non-PII - County
  • Non-PII - Country
  • PII - Phone
  • PII - Email
  • Non-PII - Industry worked in
  • Non-PII - Number of children
  • PII - Children's names


4.2 Time

Once you have identified the PII fields in your data, the next important piece of information is time. For how long can you keep data? For how long must you keep data? Depending on the industry you're in, it will need to be ascertained for how long you can keep the data. Let's look at a few examples.


If the person is still a customer, (an active customer) then you need to keep PII so as to be able to work with the customer. Please remember that the information stored should not be excessive but rather enough to enable trade. As long as the customer is trading with you, then you can keep the data.


If the person was enquiring for a price (a prospect), then you are going to have a much shorter time window for retaining data. Essentially, the person has nothing to do with your company so you really shouldn't be storing data about them. 6 to 12 months is a rule of thumb to follow.


If you have traded with the person but they're no longer actively trading with you, e.g. a once off purchase (a passive customer), then you can only keep data up to a certain point. Essential, after your trade the person will revert to being a prospect in the same amount of time as a prospect.


The only over-riding length of time on a prospect is for legal reasons. (legal retention). If you trade with the customer and the law of the land requires you to keep data on customer available for a given period, e.g. in the financial industry, then you must not delete the PII information.


The only final exception to data retention is if the customer explicitly wants you to retain information about them. This consent is not implied and must be explicitly stated. A customer cannot opt out of your retention of their data, they must explicitly opt in. This law varies by country, but in most modern European countries the law requires explicit opt in from the customer. You must also in your communications give the customer easy ability to have their data removed without hesitation.