It’s Here

GDPR went into effect on Friday. A friend and colleague has posted an excellent piece about GDPR and what you need to do to be ready. Chris Chase is well known in the MSP industry. He is a respected business owner and the creative genius behind his company, Directive and JoomConnect out of Oneonta, NY. Chris publishes some truly excellent content and when I saw his latest post, I asked if I could repost it and link back to his original post.

Included in Chris’ post is a free download of a privacy policy template that encompasses language required for GDPR compliance. I highly recommend you give this post a read and check out the video and links throughout the post.

With permission, I have copied the post here for ease of access.  You may refer to the original post here.

GDPR was introduced by the European Union, but it applies to businesses all over the world, especially if you could potentially collect personal data from a person residing within the EU. We feel, as a business, it’s important to safeguard personal data of your prospects and customers, and think the GDPR is a big step in the right direction to provide transparency and understanding to your users.

The key elements of the GDPR are the following:

  1. You must process personal data in a way that is lawful, fair, and transparent.
  2. You must only use personal data for the specific purpose that you have declared.
  3. You must collect only the minimum amount of personal data required to achieve your stated objective(s).
  4. You must take all reasonable steps to ensure that any data you collect is accurate and kept up-to-date.
  5. You may only hold personal data for as long as it is required to achieve the stated objective(s).
  6. You must process personal data in a way that ensures appropriate security.

There is a lot to the GDPR (it’s over 255 pages long), but we’ve found a lot of the concepts make sense. Chances are, if you are handling your marketing and the data you collect as white-hat as possible, you are already mostly there.

Want to Update Your Privacy Policy?

We’ve also built a template that our clients can use as a starting point for their privacy policy. We took into consideration the services most of our clients use and how we advise using them.

Click here to download our free privacy policy template.

A few big things to look out for:

Automatic Opt-Ins are Not Okay

If you have Newsletter or ‘More Information’ checkboxes pre-ticked on forms, that is not enough to be considered an opt-in.

Enable SSL

If your website doesn’t have SSL, reach out to us and we’ll provide you with a free one under your hosting agreement. You can also purchase one, but for non-ecommerce sites, the free SSL is a good alternative.

Check Your Lists

It never hurts to run the occasional re-opt-in campaign to ensure you aren’t sending unsolicited emails.

Updating Your Privacy Policy

You’ll want to be as transparent as possible in your privacy policy. We’ve included a template to work off of, but don’t assume it is ready to publish for your business. You’ll want to review it with your lawyer, along with the rest of the GDPR. Updating your privacy policy alone is not going to make you compliant.

Document Any Extra Tracking/Analytics

We’ve covered the basics that we apply to most of our clients – Google Analytics. If you use a third-party service for tracking analytics or metrics on your website, or you have other scripts that collect data, you’ll need to make sure that it is applied to your Privacy Policy and that those services are GDPR compliant.

Check With Your Host

If you host the website yourself or use a third-party besides us, you’ll need to make sure they are GDPR compliant.

It Doesn’t Stop There

Be sure to review the GDPR to determine if you are within its scope and to ensure that your business is compliant. This will involve reaching out to any vendors that you might share or transfer data to and reviewing their policies, and making sure you are protecting any personal information you collect.

You can learn more about the GDPR by checking out the official site: https://www.eugdpr.org/

You can also read the original regulation here: http://eur-lex.europa.eu/eli/reg/2016/679/oj

There is also a great breakdown of the GDPR here: https://gdpr-info.eu/

Disclaimer: We’re Not Your Lawyer

Please be advised that Directive is not your attorney, and this information is not legal advice. This information does not provide, nor constitute, and should not be construed as, legal advice. It is for educational purposes only and is not to be acted or relied upon as legal advice. Use of this information does not create any attorney-client relationship between you and Directive. The information does not constitute legal advice and is not a substitute for competent legal advice from a licensed attorney representing you in your jurisdiction. Applying or asking us to apply the privacy policy template to your website does not make us responsible in any way for the accuracy of the content or your compliances. You should seek advice from your legal counsel to determine your legal obligations.
