GDPR – General Data Protection Regulation
What is GDPR
Coming into force on 25th May 2018, this is the law on how we store and use data.
The reason the data laws are being updated now is that the last ones came in during the 90’s.
Since then the internet, Facebook, Twitter and email have all come so far that it was time for an update to protect our data.
When you have a website you first need to know what data you are collecting from people.
If you don’t comply with GDPR you could receive a fine of up to 20 million euros.
GDPR is written to protect EU residents from privacy and data breaches.
It regulates what can be done with personal data and specifies what counts as personal information.
In short, on your website you need people to actively opt in to your marketing and cookies, instead of assuming they are OK with it.
What data are you collecting and how is it stored?
If a business asks you what information you hold on them, you need to be able to show them what you are storing and how, quickly and efficiently.
1) Cookie Notification
On your cookie consent pop-up you will need them to actively opt in to cookies being stored.
So they will need to click OK, or the banner stays there.
Have a dedicated policy page on your website.
This should specify what you collect and why,
how you collect and store it,
how people can contact you and see their own data,
and how they can contact you to have their data removed, free of charge.
Best practice is to have an SSL certificate; it encrypts the data between your website and the person’s computer.
5) Lead Capture / contact forms
Don’t store the data unless you have to or want to, so don’t store it unnecessarily.
Store it securely. Make sure your email provider has a GDPR policy.
If you print out enquiries then you need to shred that information (so make sure your system for storing the data is known and written down, as if you are investigated they will want to see this. If you print and they ask what happens to it and you say we just put it in the bin, you are in for no lube in your nether regions).
No pre ticked boxes on your form, they have to tick to opt in.
Don’t bundle the boxes; they have to be allowed to tick each one individually:
tick the terms and conditions of the website,
tick the marketing, tick the contact me.
Marketing has to be broken down into email, texts and letters, ALL individually.
If you take payments make sure your payment provider is GDPR compliant (PayPal, Stripe), and that you have their policies to hand and link to them.
7) Website Chat
Make sure the chat provider is GDPR compliant, as the name is stored somewhere, so will that data be deleted afterwards?
What is personal data?
Any information that could be used to identify a person:
name, number, email, address, photos, IP address.
Make sure you know what data you are storing.
Make sure their data is stored securely.
What measures have you got in place to stop your data being leaked or hacked?
If you lost your devices, could you remotely wipe the data so it can’t be accessed?
Also write a guide on how to store data and keep it safe as part of a risk assessment.
Don’t hold data unnecessarily
You can’t hold data until you know what you are going to do with it.
Write a clear fair processing notice
Make sure you have a page that clearly states what you will do with the data and keep your customers informed of what you do with it.
Make sure there are no jargon words, so keep it very simple and clear.
Questions to keep in mind
What information is being collected
Who is collecting it
How is it collected
Why is it being collected
How will it be used
Who will it be shared with
What will be the effect of this on the individuals concerned
Is the intended use likely to cause individuals to object or complain
Have a process to hand over that information
If someone asks you for their data and what information you hold, you have 1 month to provide that data, and it has to be free of charge.
Have a process in place to delete that data
If someone then asks for their data to be deleted, have your process to delete it in place and remove the data completely.
You have to do this if asked, which means you need to know where all the information you keep on someone is.
Allow people to positively opt in to you storing their data
If you are going to use someone’s data for marketing, allow them to opt in to that.
This can be an opt-in button that will sort this out.
You can’t have a pre ticked box, that’s not allowed. The person has to actually tick the box to receive the marketing information.
Opt-in form extras
When someone is providing their email address and wants to receive more information, so they know how and what you’ll store you can add a “click here to see more” and link them to the page with more information.
You can add something like this:
Tick here if you would like to receive marketing information from us. If you want to know how your data will be stored, click here. The “click here” will lead to more information.
Make it easy to opt out
When you’re sending your marketing information make it really easy for someone to opt out,
so show how they can unsubscribe.
Then on your side you need to know what process is in place to stop that person receiving any more marketing material.
Everyone should be trained in GDPR’s laws
If it’s just you, you’ll be OK, but if there are a large number of people with access to everyone’s data, or to requests to remove their data, everyone should be clear on the procedures.
Having someone in charge to go to and oversee everything would be a bonus.
What if I want to buy data? How do I ensure this is GDPR compliant?
So if you want to buy data, say an emailing list, make sure the company you are buying the data from is GDPR compliant.
That will mainly mean the company had positive opt-ins (the person clicked yes to receive) for information from third parties, which is you.
What if I want to sell the business in the future, can I sell my data onto the new business owner?
Yes, as long as you have an assignment clause in your fair processing notice.
That should clearly state that if someone were to buy the business they would receive all of your data, but they can only use that data as outlined in what people signed up for.
Make sure the new business owner can only use the data for what people signed up for and can’t use it for anything else unless someone positively signs up for the new process.
What about all the existing data I have on someone, can I keep this after the 25th May?
When the new laws come in you need to make sure that people have positively opted in for their information to be stored.
A good way to check this is to send out an email to everyone asking if they would still like to receive emails from you,
so ask them to positively opt in.
Each marketing activity must be clearly communicated and requires separate consent.
Tick for email
Tick for direct mail
Tick for Blog updates
Mail Chimp Form
Field Label (what is this form about): GDPR and Marketing Permissions
Description of your form: We’ll use the information you provide on this form to be in touch with you and to provide updates and marketing. Please let us know all the ways you would like to hear from us.
Options: Email, Direct Mail, Customized Online Advertising (she changed these to Email Marketing Tips, Visual Content Tips, Blog Updates, Relevant Offers)
Legal Text: You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at. We will treat your information with respect. For more information about our privacy policies and practices click here. By clicking below, you agree that we may process your information in accordance with these terms.
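The opt-in rules above (no pre-ticked boxes, one box per marketing channel, no bundling, easy withdrawal, and evidence of when consent was given) are mechanical enough to check in code. The following is an added example, not code from the original notes or from MailChimp: it lints a signup form’s markup for pre-ticked or bundled consent boxes, builds a consent record in which every channel defaults to false unless its own box was submitted, and withdraws one channel without touching the others. The channel names are the ones the notes list; the `consent_` field-name prefix, the `policyVersion` field and the sample markup are assumptions constructed for the example.

```javascript
// Added example (not from the original notes): modelling the opt-in rules as code.
// Channel names come from the notes; field names and policyVersion are assumptions.

// Marketing channels that each need their own, separately ticked consent.
const CHANNELS = ["email", "directMail", "blogUpdates"];

// Lint a form's HTML for the two things the notes forbid: pre-ticked consent
// boxes and a single bundled box covering several channels. Returns a list of
// problems; an empty list means the markup passes.
function lintConsentForm(html) {
  const problems = [];
  const seen = new Set();
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    if (!/type\s*=\s*["']?checkbox/i.test(tag)) continue;
    const name = (tag.match(/name\s*=\s*["']?([\w-]+)/i) || [])[1] || "";
    if (!name.startsWith("consent_")) continue; // not a consent box
    if (/\bchecked\b/i.test(tag)) problems.push(`pre-ticked box: ${name}`);
    seen.add(name.slice("consent_".length));
  }
  if (seen.has("all")) problems.push("bundled consent box: consent_all");
  for (const ch of CHANNELS) {
    if (!seen.has(ch)) problems.push(`missing separate box for: ${ch}`);
  }
  return problems;
}

// Turn a submitted form (field -> value, as a form-encoded body parses into an
// object) into a consent record. Every channel defaults to false; only an
// explicitly submitted "on" counts, so a missing or empty field never grants
// consent. The timestamp and policy version are kept as evidence of the opt-in.
function buildConsentRecord(fields, { now = new Date(), policyVersion = "2018-05-25" } = {}) {
  const consent = {};
  for (const ch of CHANNELS) {
    consent[ch] = fields[`consent_${ch}`] === "on";
  }
  return { email: fields.email, consent, consentedAt: now.toISOString(), policyVersion };
}

// Withdrawing consent for one channel (the unsubscribe link in the footer) must
// be as easy as giving it: one call, one channel, everything else untouched.
function withdrawConsent(record, channel) {
  if (!CHANNELS.includes(channel)) throw new Error(`unknown channel: ${channel}`);
  return { ...record, consent: { ...record.consent, [channel]: false } };
}

// Constructed sample markup: a non-compliant form (pre-ticked, bundled box).
const BAD_FORM = `
<form>
  <input type="email" name="email">
  <input type="checkbox" name="consent_all" checked> Send me everything
</form>`;

// Constructed sample markup: one unticked box per channel.
const GOOD_FORM = `
<form>
  <input type="email" name="email">
  <input type="checkbox" name="consent_email"> Email
  <input type="checkbox" name="consent_directMail"> Direct mail
  <input type="checkbox" name="consent_blogUpdates"> Blog updates
</form>`;

console.log(lintConsentForm(BAD_FORM));   // three kinds of problem reported
console.log(lintConsentForm(GOOD_FORM));  // []
const record = buildConsentRecord({ email: "a@example.com", consent_email: "on" });
console.log(record.consent);              // only email is true
console.log(withdrawConsent(record, "email").consent);
```

The lint runs over the markup you serve, so it can sit in a build step or a test and fail the build if someone re-adds a `checked` attribute; the consent record is what you would keep alongside the subscriber so that a later investigation can see when, and under which notice, each channel was opted into.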
GDPR Compliance 2018 Summary – 10 steps to avoid fines.
MailChimp and GDPR: How to Set Up GDPR Signup Forms
Is your website GDPR Ready? Follow this 7-step Checklist
What is GDPR
GDPR is the rules and regulations on how we collect and store personal information from anyone within the European Union.
This is about 25% of the Internet’s users, so a large market that will affect everyone.
The history and name of GDPR
GDPR stands for General Data Protection Regulation and replaces the UK Data Protection Act 1998.
This new regulation comes into enforcement 25th May 2018
Why should I care?
If you do not comply with the new regulations you could face a fine of up to 20 million pounds, or 4% of your turnover.
Also on an ethical level we should care about how we treat someone else’s personal information.
What counts as Personal Information
Personal information is the name, phone number, email address, place of work, images, gender and basically anything that identifies a person.
How do I make sure I comply with the regs?
Here’s an outline with a summary below.
First off, if you store any information the person must opt in for it to be stored.
That means a check box or a click of a button to confirm consent.
If you have information on people from before the 25th and they didn’t tick for their information to be stored, resend an email asking if it is OK to store it, with a link to the policy. No reply by the 25th May, delete the information.
Store information securely
If you do collect information, let’s say an email address and name, how are you storing that information?
If you print off the name and number then that will need to be under lock and key, and this process needs to be written down.
What will you do with the information
If you aren’t going to be doing anything with it, don’t have it.
The privacy policy should be written in plain English so the person reading it can understand; examples can be added to help explain any jargon words you may need.
You should have contact information to hand if someone wants to cancel.
Know the person’s rights
If you store data the person can ask for information on what information you have on them.
You must provide this information within 1 month and free of charge.
If they want the information to be deleted you must delete everything.
What you do to comply
Make sure any information you want to collect has an opt-in form. The person must click that they want to receive marketing information or for their contact information to be stored.
What information do we collect about you
Why we need that data
How long will we store that data
Access to your information (include contact)
Cookies notice (also have a separate page for your cookie pop-up to link to)
Have a cookies page (this is for your cookie pop-up). Also have a cookie pop-up if you track people’s cookies.
Make sure your website has an SSL certificate (green padlock in front of the website name).
Have a process for how you store the data. Example: we store the name and email in Gmail and a spreadsheet; is the spreadsheet on one or more computers? We also print off and store in a locked folder.
Have a process to delete. Example: we delete from Gmail and the spreadsheet, we shred the folder. If the spreadsheet is on one or more computers, will it be deleted from each too?
Have someone in charge of this. All data must be organised and accounted for; this can take time to track, so have a system in place.
You will need all of this if you get put under investigation, and if you can’t provide evidence of it (and it will become pretty apparent whether you can or can’t) that can lead to a fine of 4% of your turnover, up to 20 million.