Have you GDPR Proofed your Credit Control Process?



Data is at the heart of any credit control process. Regular readers know that we stress time after time the importance of having as much information as possible to inform your credit control methods.

Our reliance on digital tools, search engines, electronic communications, online accounting systems and the data trail means that the new GDPR legislation will affect the way we work. Action is therefore required to safeguard ourselves and our clients against the potential impacts.



What is this GDPR?

GDPR is the General Data Protection Regulation. It is EU legislation, due for implementation in May 2018. This legislation is an enhancement to existing data protection legislation, and its intention is to bring the rules up to date for the modern online environment.


What do I need to do?

You know us at Corp & Comm: we like to illustrate in nice easy steps how to implement any advice, action or guidance. Below is a useful guide summarising what action to take.



12 Next Steps for your Credit Control Process


1. Be Aware – Make sure your credit team are aware of the rules and regulations. Don’t give any debtor an opportunity to evade payment by quoting legislation that is not understood.


2. Be Compliant – Create a document to confirm what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.


3. Communicate properly – Review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.


4. Individuals’ rights – Check your procedures to ensure they cover an individual’s rights. How would you cope in a debt matter should you receive a request to delete personal data?


5. Subject access requests – Update your procedures and plans to ensure you are able to provide the appropriate account information within the new timescales put forward.


6. Processing personal data – Identify how, in law, you are allowed to process the information you hold for collections purposes, document it and update your privacy notice to explain it.


7. Ensure consent – Seek to review, record and manage consent for customers’ information. Refresh any existing consents to ensure they allow for effective collections contact.


8. Children – In some industries, for example childcare and dentistry, you may need systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.


9. Cover data breaches – You should make sure you have the right procedures in place to initially manage, then detect, report and investigate any personal data breach.


10. Data protection impact assessments – Familiarise yourself with all codes of practice and work out how and when to implement them in your credit control process.


11. Data protection officers – Someone within your credit control should take responsibility for data protection compliance. Ideally this should be someone who deals with the day-to-day process.


12. International actions – If your organisation operates in more than one EU member state, have you thought about what additional data protection guidelines you may need to follow?



(More on 12 Next Steps can be found here on the ICO site)


The final question has to be… Are you taking action for your Credit Control Process?


Be ready, be informed and be prepared. Please feel free to contact us to discuss how to become compliant; we’re always there to offer advice and guidance.
