GDPR: 6 Steps for Easy Compliance
While we’ve done extensive research on GDPR, we’re not lawyers. We highly recommend that you contact an attorney for guidance on making your business GDPR compliant.
If you were recently inundated with emails from retail chains and websites letting you know that they’ve updated their privacy policy, you’ve experienced the effects of GDPR. GDPR is a European law, recently put into effect, that protects the rights of European Union citizens and their data online.
While many American companies opted to ignore these laws initially, they won’t be able to for much longer.
California may soon become the first state to enact a similar law, signaling the spread of GDPR standards throughout the United States. The ballot measure will be voted on in November 2018, and widespread implications are expected.
If your business has a chance of interacting with Europeans or Californians, now is the time to get your business up to GDPR standards.
What is GDPR?
This infamous acronym stands for General Data Protection Regulation – but we’ll stick with GDPR.
At their most basic, the guidelines are intended to force businesses to be transparent about what data they’re collecting from consumers and to give European consumers the right to say “no” or remove their personal data from the internet if they choose.
Post-GDPR, businesses must now have “explicit consent” from consumers to collect their data.
What do I need to do now?
Step 1: Establish a Data Protection Officer.
This is someone in your business who knows what kind of data is being collected and how it’s being used.
Step 2: Audit all data being collected.
Go through all data that you’re currently collecting on your clients. This data may be in the form of contact form fills from your website, cookies used for remarketing, or email newsletter sign-ups.
Pay special attention to any “personally identifiable information.” That can include names, phone numbers, email addresses, and IP addresses.
Then, record how that data is being stored, what it is being used for, and who has access to it.
To assist you with this step, we’ve put together a GDPR Data Audit Worksheet. This worksheet will walk you through what questions you should be asking about the data you collect.
Step 3: Establish a way for consumers to request the removal of their saved data.
As a business owner, you must now have a way for any consumer to find out what data has been collected on them and let them know how to remove the data associated with their person if they choose.
Step 4: Update your privacy policy.
This is where you disclose to consumers the information from the worksheet:
- What information is being collected
- Where it is being stored
- What will be done with it
- Who has access to it
- How they can delete the information if they choose
Step 5: Let everyone know you’ve updated your privacy policy.
Now that consumers need to provide explicit consent, you will need to let them know that your privacy policy has changed and they need to provide consent if they choose to interact with your business.
Step 6: Monitor the future of GDPR and California’s proposed law.
GDPR and the proposed California law are broad, giving general guidelines to protect people’s data. Like many laws, they will be refined and amended in the coming years. It is important to stay on your toes and adapt your plan accordingly.
We’re Here for You
The internet’s policies, protocols and uses are always changing. By partnering with a marketing company that has decades of experience, you’ll be able to keep your website up to date and in compliance. Whether new GDPR regulations are developed or you need to ensure your website and forms are HIPAA compliant, finding a web development and marketing company to partner with is key.
Proclaim has been bringing solutions to digital problems for over 20 years. As the internet develops new obstacles, we find functional solutions using proven technologies. In the end, our unwavering focus on our clients’ goals is what keeps our gears turning.