As an ethical company, and well, as ethical human beings too I guess, we aim to comply with not only "best practice" but also with what's morally right in the real world.
Running an ethical business isn't about chaining yourself to trees, gluing yourself to motorways or becoming vegan. Although we could.
It's often about the most basic stuff. Respecting our customers as people and not just order numbers is a simple example of this.
Your data is your property and it should be protected.
That's the GDPR best-practice text being copied over.
But really your data is your name, address and email which we have to take in order to process and ship your order, which could be useful to a fraudster intent on stealing your identity.
We also sell a range of natural contraceptive products, the sales of which are stored for a time electronically with identifying information. We take every opportunity to speak to our customers and we know that some of them are very sensitive about there being no trace of their purchase and that we ship their contraceptives out in plain, unmarked packaging. Disapproving flatmates, worried parents or just nosey neighbours. We know we have a responsibility to our customers privacy when we process and ship their order.
In day-to-day terms it means we keep passwords secure and safe, we control access to our systems and servers, it means we don't share information when it doesn't need sharing, we delete what we can when we can and we even anonymise the sales data that we send to our trusted accountant.
We hope that we can keep to these high standards even when the goal posts move, cyber security threats develop and new risks appear.
But in the mean time, even in this high tech environment in which we trade, we will endeavour to apply common sense and ask the basic questions like "what if it were me and my data?".
