Helene (33) experiences more peace of mind now that she knows that privacy has properly been arranged in her catering company

A little voice at the back of my head kept saying: what if something goes wrong one day?

That kept gnawing at me. My customers and employees are constantly changing, so I process quite a lot of personal data. And actually, I did not know at all if I was doing that the right way. My work as a caterer is about taking care of other people's needs. Safety is part of that. A little voice at the back of my head kept saying: what if something goes wrong one day?

You read the wildest stories about people being conned or blackmailed because personal data fall into the wrong hands. How would I feel if my customers get into trouble because I do not have my systems in order? What does that mean for the business I built up with so much love? But I kept postponing it.

I wanted to get rid of that nagging voice at the back of my head and turned the corner. When customers ask us what we do with their contact details and how we store payment data, they have to know that they are in good hands with us. So together with a few employees, I started to find things out, step by step.

We thought that a privacy statement actually had to use legal jargon. But that does not have to be the case.

The beginning was the hardest part. It is a lot of information to digest, and not always easy. We therefore started with a paper list of the types of information that we collect and store. Such as email addresses and payment data. After that, we read up on the GDPR. And soon I saw the same terms coming back time and again. Processing, legal basis, contract, register... we delved into that.

Then it dawned on us that a ‘legal basis’ actually is just your reason for doing something with data. And that ‘processing’ is everything you do with those data: from storing to sharing. Little by little, the subject matter became a bit more manageable.

In the end, we also drew up a privacy statement. We thought that a privacy statement actually had to use legal jargon. But that does not have to be the case. We wrote it all down in a language that was as understandable as possible. Because well, if it is incomprehensible, it is not much use to the customer. I did ask a lawyer from my network to read the text. The lawyer assured us that everything is clear as day.

By properly arranging the privacy, you stand out from other companies.

Sometimes I hear other entrepreneurs say that under the GDPR, nothing is ‘allowed’ anymore. But I don't agree with that. First of all, you have to explain clearly what you do and why you do it. And make sure that you do it properly and with the necessary security. Then a lot of things are allowed! You can also make privacy a focal point in your business. And in doing so, stand out from others.

My tip: do not postpone sorting things out until you get a critical question from customers. Who want know, for example, how exactly you process their data. Only to find out then that you actually don't know. Then you won't be able to help your customer – and it does not make you feel good either.

Those rules have not been made to pester us as entrepreneurs. Or to make things difficult for us. It is about protecting the privacy of people. When you look at your responsibility in that way, you are actually helping your customers even better. And as for me: it makes me sleep better at night!

* The privacy stories on this website are based on actual reports to the Autoriteit Persoonsgegevens. Due to the privacy of those involved, the personal data and some circumstances have been changed. We use models (stock photography) for the images in these stories.