Rameez Zafar (pictured) is CEO and co-founder at eligible.ai
GDPR should ALWAYS be on your radar; it’s not a quick-fix thing. It’s about the ongoing management of your data, ensuring your business stays compliant so you don’t land yourself in deep water with data fines. But what if GDPR is an alien phrase to you? I’ve drafted below a quick guide and some pointers which I hope are useful.
What is GDPR?
In plain, basic English, the General Data Protection Regulation (GDPR) is the set of rules governing how you manage personal data. It specifies how you collect, use and protect that data.
Why should I care?
Ignoring GDPR won’t do you or your business any favours. It applies to ALL organisations operating within the EU, and that includes businesses outside the EU who deal with those inside it. If you mismanage your data and trigger a personal data breach, you can face a hefty fine.
The fines for violating GDPR can max out at €20m or 4% of global revenue (whichever is higher). And that doesn’t include clients’ right to bring claims themselves. So it’s a BIG deal to keep your data protection procedures tight.
Important note: the UK is in a transition period until the end of this year to negotiate a new relationship with the EU. During this period GDPR will continue to apply in the UK.
GDPR basic tips
1. Make sure you provide a privacy and cookie policy on your website.
2. Make sure online forms have a link to your privacy policy and display relevant disclaimers.
3. Be clear, and give clients the option to opt in to and opt out of communications.
4. Keep clear records of consent, by date, method and level of consent.
5. Make it easy for your clients to update their info with you.
6. Make it easy for your clients to request their data is deleted.
7. Don’t keep data longer than you need to or ask for data you do not need.
8. Have technologies and procedures in place to protect data, including detecting, reporting and investigating any personal data breaches.
9. Train your staff on data protection and procedures.
10. Make sure you have documented, and informed individuals of, how you use their personal data in a way that is clear and EASY to understand.
Remember, GDPR isn’t about quick fixes. Compliance doesn’t stop when you’ve created a new privacy notice or uploaded one online; it’s an ongoing exercise. And don’t forget about keeping the data you hold clean: try a data hygiene test.
Why you need a Privacy Policy
GDPR requires you to have a Privacy Policy.
The policy describes the personal data you gather, use, disclose, manage and collect on clients, and why you collect it. It tells users their rights and should also list all third parties the data is shared with, if applicable.
So if you collect data on your website, you are legally required to have a link to your privacy policy on your website and in your app (if you have one).
It’s a legal agreement that explains the personal information you gather from web visitors, how you use it and how you keep it safe and secure. So cover all bases and be upfront and clear about what you’re doing with the data you hold.
Final bonus tip
If you’re not keeping your data up-to-date you’re losing business – it’s as simple as that. You’re making it so easy for competition to sweep in and steal