GDPR

GDPR – General Data Protection Regulation

What is GDPR

Coming into force on 25th May 2018, it sets out how we store and use personal data.

The reason GDPR is being amended now is that the last data protection laws came in during the 90s.

Since then the internet, Facebook, Twitter and email have all moved on so far that it was time for an update to protect our data.

When you have a website you first need to know what data you are collecting from people.

If you don’t comply with GDPR you could receive a fine of up to 20 million euros.

GDPR is written to protect EU residents from privacy and data breaches.

It regulates what can be done with personal data and specifies what personal information is.

In short, on your website you need people to actively opt in to your marketing and cookies, instead of assuming they are OK with it.

What data are you collecting and how is it stored?

If a business asks you what information you hold on them, you need to be able to show how and what you are storing quickly and efficiently.

1) Cookie Notification

On your cookie consent pop-up you need them to actively opt in to cookies being stored.

So they will need to click OK, or the banner stays there.

The cookie banner also needs a link to your Cookie Policy page.

2) Cookie Policy

Have a dedicated policy page on your website.

This should specify what you collect and why.

If you use third-party applications like Google Analytics, link to their cookie policy page too.

3) Privacy Policy

This expands on the cookie policy:

How you collect and store data

How people can contact you and see their own data

And how they can contact you to have their data removed, free of charge.

4) SSL

It is best practice to have one; it encrypts the data in transit between your website and the person's computer.

5) Lead Capture / contact forms

Don't store the data unless you have to (or actively want to), so don't store it unnecessarily.

Store it securely. Make sure your email provider has a GDPR policy.

If you print out enquiries, you need to shred that information. Make sure your system for storing the data is known and written down, as if you are investigated they will want to see it. If you print and they ask what happens to the printouts, and you say you just put them in the bin, you are in for no lube in your nether regions.

No pre-ticked boxes on your form; they have to tick to opt in.

Don't bundle the boxes; they have to be able to tick each one individually:

Tick the terms and conditions of the website

Tick for marketing, tick for contact me

Marketing has to be broken down into email, texts and letters, ALL individually.

6) Payments

If you take payments, make sure your payment provider is GDPR compliant (PayPal, Stripe), have their policies to hand and link to them.

7) Website Chat

Make sure your chat provider is GDPR compliant, as the visitor's name is stored somewhere; will that data be deleted afterwards?

What is personal data?

Any information that could be used to identify a person.

Name, number, email, address, photos, IP address

Make sure you know what data you are storing.

Make sure their data is stored securely

What measures have you got in place to stop your data being leaked or hacked?

If you lost your devices, could you remotely wipe the data so it can't be accessed?

Also write a guide on how data is stored and kept safe, as part of a risk assessment.

Don’t hold data unnecessarily

You can’t hold data until you know what you are going to do with it.

Write a clear fair processing notice

Make sure you have a page that clearly states what you will do with the data, and keep your customers informed of what you do with it.

Avoid jargon; keep the notice simple and clear.

Questions to keep in mind

What information is being collected?

Who is collecting it?

How is it collected?

Why is it being collected?

How will it be used?

Who will it be shared with?

What will be the effect of this on the individuals concerned?

Is the intended use likely to cause individuals to object or complain?

Have a process to hand over that information

If someone asks you what data you hold on them, you have one month to provide it, free of charge.

Have a process in place to delete that data

If someone then asks for their data to be deleted, have a process in place and remove the data completely.

You have to do this if asked, which means you need to know where all the information you keep on someone is.

Allow people to positively opt in to you storing their data

If you are going to use someone's data for marketing, let them opt in to that.

An opt-in button will sort this out.

You can't have a pre-ticked box; that's not allowed. The person has to actually tick the box to receive the marketing information.

Opt-in form extras

When someone provides their email address and wants to know how and what you'll store, add a "click here to see more" link to the page with more information.

You can add something like this:

"Check the tick if you would like to receive marketing information from us. If you want to know how your data will be stored, click here." The "click here" links to the more detailed information.

Make it easy to opt out

When you’re sending your marketing information make it really easy for someone to opt out.

So show how they can unsubscribe.

Then, on your side, you need to know what process is in place to stop that person receiving any more marketing material.

Everyone should be trained on GDPR

If it's just you, you'll be OK, but if a large number of people have access to everyone's data, or to requests to remove it, everyone should be clear on the procedures.

Having someone in charge to go to and oversee everything would be a bonus.

GDPR Questions

What if I want to buy data? How do I ensure this is GDPR compliant?

So if you want to buy data, say an emailing list, make sure the company you are buying it from is GDPR compliant.

That will mainly mean the company had positive opt-ins (the person clicked yes) to receive information from third parties, which is you.

What if I want to sell the business in the future? Can I sell my data on to the new business owner?

Yes, as long as you have an assignment clause in your fair processing notice.

That should clearly state that if someone buys the business they receive all of your data, but can only use it as outlined in what the person signed up for.

Make sure the new business owner can only use the data for what people signed up for, and can't use it for anything else unless the person positively signs up for the new purpose.

What about all the existing data I have on someone? Can I keep this after 25th May?

When the new laws come in, you need to make sure people have positively opted in to their information being stored.

A good way to check this is to send out an email to everyone to ask them if they would still like to receive emails from you.

So ask them to positively opt in.

Granular Consent

Each marketing activity must be clearly communicated and requires separate consent.

Tick for email

Tick for direct mail

Tick for Blog updates
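The opt-in form rules above (no pre-ticked boxes, one tick per channel, easy withdrawal, and a written record you can show if investigated) as an added example; this is not code from the original notes, and the channel names, the record shape and the `evidence` object are assumptions:

```javascript
// Added example, not from the original notes. A small consent ledger that
// does what the notes describe for opt-in forms and granular consent: every
// channel starts as "no", a grant is only accepted as an explicit action
// (never a pre-ticked box), withdrawals always succeed, and every change is
// logged with a timestamp and the policy version shown, so the record can
// be produced as evidence. Channel names and the record shape are assumed.
const CHANNELS = Object.freeze(["email", "sms", "post", "blog_updates"]);

function newConsentRecord(subjectId, policyVersion) {
  const channels = {};
  for (const c of CHANNELS) channels[c] = false; // nothing pre-ticked
  return { subjectId, policyVersion, channels, history: [] };
}

// evidence: { explicit: true, source: "web-form" } for a grant; a
// withdrawal (granted === false) needs no evidence and always succeeds.
function recordConsent(record, channel, granted, evidence, now = new Date()) {
  if (!CHANNELS.includes(channel)) throw new Error("unknown channel: " + channel);
  if (granted && !(evidence && evidence.explicit === true)) {
    throw new Error("consent for " + channel + " must be an explicit opt-in");
  }
  const entry = {
    channel,
    granted,
    at: now.toISOString(),
    policyVersion: record.policyVersion,
    source: (evidence && evidence.source) || "withdrawal",
  };
  return {
    ...record,
    channels: { ...record.channels, [channel]: granted },
    history: [...record.history, entry],
  };
}

// Check this before every send: only channels with a live, explicit "yes".
function mayContact(record, channel) {
  return record.channels[channel] === true;
}

// What you hand over if asked what you hold: current state plus the trail.
function consentEvidence(record) {
  return {
    subjectId: record.subjectId,
    consented: CHANNELS.filter((c) => record.channels[c]),
    history: record.history,
  };
}
```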

Mail Chimp Form

Field Label (what is this form about): GDPR and Marketing Permissions

Description of your form: We'll use the information you provide on this form to be in touch with you and to provide updates and marketing. Please let us know all the ways you would like to hear from us.

Options: Email, Direct Mail, Customized Online Advertising (she changed these to Email Marketing Tips, Visual Content Tips, Blog Updates, Relevant Offers)

Legal Text: You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at. We will treat your information with respect. For more information about our privacy policies and practices click here. By clicking below, you agree that we may process your information in accordance with these terms.

Resources

GDPR Compliance 2018 Summary – 10 steps to avoid fines.

https://www.youtube.com/watch?v=WPwG-MNMuBQ

MailChimp and GDPR: How to Set Up GDPR Signup Forms

https://www.youtube.com/watch?v=3_hdGLmHutk

Is your website GDPR Ready? Follow this 7-step Checklist

https://www.youtube.com/watch?v=OrLJ1rj8ZTY

My Words

What is GDPR

GDPR is the rules and regulations on how we collect and store personal information from anyone within the European Union.

That is about 25% of the internet's users, so a large market that will affect everyone.

The history and name of GDPR

GDPR stands for General Data Protection Regulation and replaces the UK Data Protection Act 1998.

This new regulation comes into force on 25th May 2018.

Why should I care ?

If you do not comply with the new regulations you could face a fine of up to 20 million pounds, or 4% of your turnover

Also on an ethical level we should care about how we treat someone else’s personal information.

What counts as Personal Information

Personal information is the name, phone number, email address, place of work, images, gender and basically anything that identifies a person.

How do I make sure I comply with the regulations?

Here's an outline with a summary below.

First off, if you store any information the person must opt in to it being stored.

That means a check box or a click of a button to confirm consent.

If you have information on people from before the 25th and they didn't tick for it to be stored, resend an email asking if it is OK to store it, with a link to the policy. No reply by 25th May, delete the information.

Also next to the button there should be a "more info" link leading to your privacy policy, which should contain the points below.

Store information securely

If you do collect information, let's say an email address and name, how are you storing it?

If you print off the name and number, that will need to be under lock and key, and this process needs to be written down.

What will you do with the information

If you aren't going to do anything with it, don't have it.

If for example you use Google Analytics to see what pages people are visiting, write down that you are using a third party to see what pages people are looking at, then link to that third party's privacy policy; you need to make sure that is GDPR compliant as well.

Your privacy policy writing

The privacy policy should be written in plain English so the reader can understand it; examples can be added to explain any jargon you may need.

Contact information

You should have contact information to hand in case someone wants to cancel.

Know the person's rights

If you store data, the person can ask what information you have on them.

You must provide this information within one month and free of charge.

If they want the information deleted, you must delete everything.

What you do to comply

Make sure any information you want to collect has an opt-in form. The person must click that they want to receive marketing information or for their contact information to be stored.

Have a privacy policy page that contains

What information do we collect about you
Why we need that data
How long we will store that data
Marketing
Access to your information (include contact details)
Cookies notice (also have a separate page for your cookie pop-up to link to)

Have a cookies page (this is for your cookie pop-up). Also have a cookie pop-up if you track people's cookies.

Make sure your website has an SSL certificate (green padlock in front of the website name).

Have a process for how you store the data. Example: we store the name and email in Gmail and a spreadsheet; is the spreadsheet on one or more computers? We also print off and store in a locked folder.

Have a process to delete. Example: we delete from Gmail and the spreadsheet, and we shred the folder. If the spreadsheet is on more than one computer, will it be deleted there too?

Have someone in charge of this. All data must be organised and accounted for; this can take time to track, so have a system in place.

You will need all of this if you get put under investigation; if you can't provide evidence of it (and it will become pretty apparent whether you do or don't), that can lead to a fine of 4% of your turnover, up to 20 million.