A Simple Guide to GDPR

On May 25th, 2018 there will be new EU laws for data protection online, the GDPR (General Data Protection Regulation) will ensure that all data protection laws across Europe are standardised and will avoid the confusion of different countries having different regulations.

What will this mean for companies? Primarily how you get someone’s information and what you’re allowed to do with it will be what changes. The main thing to keep in mind is the ‘subscriber rights’ as long as you don’t break any of these you will avoid the up to €10 million in fines!

Subscribers rights you must adhere too:
• Right to be forgotten: An individual may request that an organization delete all data on that individual without undue delay
• Right to object: An individual may prohibit certain data uses
• Right to rectification: Individuals may request that incomplete data be completed or that incorrect data be corrected
• Right of access: Individuals have the right to know what data about them is being processed and how
• Right of portability: Individuals may request that personal data held by one organization be transported to another.

What changes should you make to your site?
You will need to obtain consent from your subscribers and contacts for every usage of their personal data, the surest route to compliance is to obtain explicit consent. All sign up forms on your site must now be opt-in, even at checkouts. On each of these forms to make sure that language in the sign-up confirmation, is specific, and covers all possible reasons for using the information being solicited. Be very specific about the intended use of the information and how you will process it. You must also keep records of the consent given. On your emails, there should be easily accessible “unsubscribe” and “preferences” footer options so your subscribers can change consent as they wish. Finally, you must inform visitors to your page about any cookies you have running.

What should you do with Existing client data?
You must ask people to resubscribe, unless you have proof they did so knowingly and according to GDPR guidelines. Maybe offer an incentive to get people to resubscribe if you can, something like a Discount code or free shipping on an order. Any emails who have not resubscribed by the 25th must be deleted and you must stop contacting them or face a fine of up to €10 million.