GDPR went into effect on Friday. A friend and colleague has posted an excellent piece about GDPR and what you need to do to be ready. Chris Chase is well known in the MSP industry. He is a respected business owner and the creative genius behind his companies, Directive and JoomConnect, out of Oneonta, NY. Chris publishes some truly excellent content, and when I saw his latest post, I asked if I could repost it and link back to his original post.
With permission, I have copied the post here for ease of access. You may refer to the original post here.
GDPR was introduced by the European Union, but it applies to businesses all over the world: if you offer goods or services to people in the EU, or monitor their behaviour (for example through website tracking), it applies to you regardless of where your business is located. We feel, as a business, it's important to safeguard the personal data of your prospects and customers, and we think the GDPR is a big step in the right direction in providing transparency and understanding to your users.
The key elements of the GDPR are the following:
- You must process personal data in a way that is lawful, fair, and transparent.
- You must only use personal data for the specific purpose that you have declared.
- You must collect only the minimum amount of personal data required to achieve your stated objective(s).
- You must take all reasonable steps to ensure that any data you collect is accurate and kept up-to-date.
- You may only hold personal data for as long as it is required to achieve the stated objective(s).
- You must process personal data in a way that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage.
There is a lot to the GDPR (99 articles plus 173 recitals), but we've found that most of the concepts make sense. Chances are, if you are already handling your marketing and the data you collect as cleanly and transparently as possible, you are mostly there. The part that catches many small businesses out is the paperwork: you still have to be able to show what data you hold, why, and on what basis.
A few big things to look out for:
Automatic Opt-Ins are Not Okay
If you have Newsletter or 'More Information' checkboxes pre-ticked on forms, that is not enough to be considered an opt-in. Consent has to be a clear, affirmative action by the user, you need to be able to show when and how it was given, and withdrawing it has to be as easy as giving it (an unsubscribe link that works, not a phone call).
Use SSL/TLS on Your Website
The GDPR doesn't name a specific technology, but it does require appropriate technical measures to protect personal data, and encrypting it in transit is the baseline. If your website doesn't have SSL (strictly speaking, TLS), reach out to us and we'll provide you with a free certificate under your hosting agreement. You can also purchase one, but for non-ecommerce sites, the free certificate is a good alternative. Once it's installed, make sure plain HTTP redirects to HTTPS and that every form on the site submits over HTTPS, otherwise the certificate isn't protecting the data people type into it.
Check Your Lists
It never hurts to run the occasional re-opt-in campaign to ensure you aren't sending unsolicited emails. Be careful with contacts for whom you can't show any record of consent at all: a re-opt-in email is itself a marketing email, so check that you have a lawful basis to send it before you do.
Document Any Extra Tracking/Analytics
Third-party analytics, advertising pixels, and embedded widgets collect personal data too (IP addresses and cookie identifiers count). Keep a list of what runs on your site and what it collects, and make sure each one is described in your privacy notice.
Check With Your Host
If you host the website yourself or use a third party besides us, you'll need to make sure they are GDPR compliant. A host that stores your customers' data is a processor under the GDPR, which means you need a written data processing agreement with them, and if their servers are outside the EU you need to know what mechanism covers the transfer.
It Doesn’t Stop There
Be sure to review the GDPR to determine whether you are within its scope and to ensure that your business is compliant. This will involve reaching out to any vendors that you share or transfer data with, reviewing their policies, and making sure you are protecting any personal information you collect.
You can learn more about the GDPR at https://www.eugdpr.org/ (an overview site, not an official EU source)
You can read the regulation itself, the official text, here: http://eur-lex.europa.eu/eli/reg/2016/679/oj
There is also a great article-by-article breakdown of the GDPR here: https://gdpr-info.eu/
Disclaimer: We’re Not Your Lawyer