At the start of 2018, your inbox was probably getting flooded with emails from companies updating their Privacy Policies for the GDPR.

The General Data Privacy Regulation (GDPR) is a European Union law that came into effect in May 2018.

Why is this such a big deal?

It’s because the GDPR introduced changes to EU privacy laws that impact businesses all around the world.

Any data collected from a customer in the EU is now protected under the GDPR. It doesn’t matter where the data is processed.

If you’re worried about how the GDPR could impact your business, check out our 5 quick tips for GDPR compliance.

1. Get A GDPR Compliant Privacy Policy

This one is easy and straightforward: Get a Privacy Policy that aligns with the GDPR privacy principles.

Once you get this first step out of the way, you’ll be well on the right track.

That said, having a Privacy Policy is not enough. You actually have to do what the Privacy Policy says you will do! This is where the next 4 tips come in handy.

2. Know About ‘Personal Data’ Under The GDPR

The types of personal information protected by the GDPR are more extensive than under previous privacy legislation. You need to know what data is protected.

Under the GDPR, ‘personal data’ includes:

  • Name
  • Photo
  • Email address
  • Phone number
  • Mailing address
  • Identifying numbers (e.g. bank account number)
  • IP addresses
  • Biometric data (e.g. fingerprints)
  • Mobile device identifiers
  • Geo-location
  • Behavioural and demographic profiling data

3. Get A Cookie Pop-Up

One easy step in the right direction is to add a cookie information pop-up to your website.

This should include a link to your Cookies Policy outlining exactly what information you collect from your website visitors. You can check out cookie-script.com for a free and simple solution.

4. Know About ‘Consent’ Under The GDPR

The GDPR has strict requirements for what it means for people to consent for their personal data to be collected.

Some of these are:

  • “Opt-in” requirement: If you give customers a check-box option to receive more communications from you, make sure you leave the box unchecked. They have to actively give their consent by checking the box themselves.
  • “Obvious” requirement: Make sure your requests for consent are not hidden or ambiguous. Using a pop-up on your homepage is a good option.

5. Store Your Data Properly

It’s a smart idea to clean up and invest in your data storage systems. You should try to find a good, secure CRM that can make sure your data storage is compliant.

At any time, you must be able to confirm the following:

  1. The personal data you’re holding is secure.
  2. If required, you can find and access one person’s data in every place it is stored.

This might sound pretty intense for a lot of small businesses. The reason for taking these measures is that under the GDPR, EU citizens have extra rights in relation to how and where their personal data is stored.

Subject Access Request

EU customers have the right to ask businesses how, why and where their personal data is being used. They can also request that this data be deleted immediately, and the business must comply with this request.

If an EU customer asks you how, why and where their personal data is being used, you must provide them with an honest response, along with a copy of their personal data in an electronic format – free of charge.

To save time and stress, it’s smart to have a process in place for this situation. Preparing a template document in advance that outlines to the customer all the ways your business uses the personal data it collects is a good start.

The Right To Be Forgotten

If an EU customer asks you to delete their data, you must immediately delete the customer’s data from everywhere it is stored or used in your business.

This can be quite onerous – it’s not just your CRM or other databases. It’s all possible places that customer data could exist, including cookies, documents and archived emails.

Having a secure, centralised system for holding customer information can make it easier to locate all customer data at any time as needed.

There are serious fines and other penalties for non-compliance with these requirements.

What To Take Away…

These days, it’s important to take privacy law seriously, particularly as an online business, or any business with a website.

These 5 quick tips are designed to help you make the first steps to getting in line with the GDPR. You can start by getting a GDPR Privacy Policy, cookies pop-up and opt-in subscription forms right now!

And remember – if you’re unsure about your GDPR compliance, you should get advice from a qualified lawyer.

About Sprintlaw

Sprintlaw's expert lawyers make legal services affordable and accessible for business owners. We're an award-winning, online law firm for small businesses in the UK.
