May 25th came and went this year. Still, some of you have absolutely no clue what GDPR is. Better yet, if you do know, you don’t know how to be GDPR compliant. Now, this is nothing new. The preparation grace period ended, and now everyone is either on board, scrambling to comply, or, you guessed it, still lost.
In this article, I will share some straightforward ways to GDPR compliance bliss. But first, let’s define GDPR.
GDPR, the General Data Protection Regulation, is a global protection law that allows consumers to keep ownership of their own data. The law applies to businesses that work with customer data in Europe, and to anyone who works with those businesses. So what kind of data falls under the GDPR? Pretty much any data collected. Covered data is no longer limited to the obvious categories: socioeconomic, psychological, religious, and even genetic data now fall under GDPR.
Regardless of whether you do business in the EU or not, GDPR is a far-reaching global policy. The first step in compliance is securing customer consent.
Here is how to secure customer consent:
- Make sure that consent is separated from terms and conditions and is worded clearly.
- Positively ask for consent; do not use pre-checked boxes or have consent active by default.
- Be clear on what data you ask for, what you are collecting it for and why.
- Be specific: each time you collect data, you should be asking for consent, each and every time.
- Be transparent about the company and any third party companies that will be using your customers’ data.
- Make the option to withdraw consent clear, easily available, and recognizable to your clients.
- Make sure customers can refuse consent without hassle.
- Here is a big one: avoid making consent a precondition for a service.
- If your business serves minors, make sure that an age verification measure has been implemented in the consent process.
- If you still have no clue, always, always ask for consent!
Does this seem like a daunting task? Hire an expert. Some SEO experts are also becoming GDPR experts and compliance officers. There are also data protection officers you can hire if you have a larger small business with lots of data to process.
Alternatively, you can do a Data Protection Impact Assessment (DPIA). A DPIA is an audit of the process and procedure for how data is collected, used, stored, and processed. The audit identifies risks and evaluates where in your processes you may have issues.
Ideally, whether through an audit, an external officer, or an internal officer, you can prepare for data breaches. You should have a system in place in case of a breach.
Your GDPR team (or you, if you are riding solo) should be able to identify risks. Set up systems so that you can recognize personal data breaches. Don’t forget that breaches are not limited to loss or theft. Breaches can include corruption of data, access by unauthorized users, data you sent to someone by accident, and many other mishaps. For this, you will need a quick and actionable response plan. In that plan, also identify who is responsible for what. Whether it’s notifying the authorities or the client, have a response plan in place.
You still have time to become GDPR compliant. Although you are past the deadline, it’s never too late to start protecting your customers’ rights and personal data. Full compliance takes weeks; it’s not something you do overnight. If you have a full team, appoint someone as the DPO. If you are flying solo, make sure to get information directly from the source and find out which of your data collection processes need to be compliant.
Make a checklist that you can apply to each data collection process that needs consent.
If you are still contemplating taking on this GDPR overhaul, don’t hesitate. GDPR-style laws will soon be in effect in the States; you can count on that. If you don’t believe me: at the time I wrote this post, California was just hours from enacting a mini GDPR of its own.
Given the delicate nature of GDPR, make sure to go to resources that can give you more detail regarding GDPR. What can I do to help you understand GDPR in your area? Are you a blogger and don’t understand how GDPR affects you? What about a solopreneur with a t-shirt company; how can it possibly affect you? When in doubt, just ask! Set up a discovery call with me and I’ll refer you to some great resources and experts in the field who can make sure you are GDPR compliant.