Hey if you have data about your customers employees or suppliers then read this article because this law means that you could be at risk at getting fined 20 million euros.
Digital GDPR is a law that came into effect on the 25th of May 2018, this is gonna totally change how we store and use data and they’re gonna be pretty strict on it and you could get fined up to 20 million euros. So make sure that you’re doing everything, so that you’re compliant with GDPR. The problem is that a lot of information out there about GDPR is vague and full of legal jargon and it’s confusing. So, how do you know how to be compliant with GDPR? Luckily we broke it down into 10 tips you need to know to make sure you’re compliant to all the laws. The reason these new GDPR laws have come about is because the last time data protection laws were created was in the nineties since then there’s been a boom of technology like things like the internet and people feel that they’ve lost control of how their data is being used and stored, so the GDPR laws a positive thing because they’re allowing the everyday person to take back control of what data people have on them to make sure you’re compliant with GDPR.
The first thing you need to know is what data do you have on people and that leads me to tip number one. Store all of the data you have on your employees suppliers and customers in an organized fashion this is going to be helpful for two reasons, the first is that if a person said hey business what information do you have on me, you want to be able to get all of that information to them as quickly as possible and as accurately as possible so make sure all the data you have is organized.
Second reason that’s important is that if you were to ever be investigated by the GDPR, make sure that you’re showing that you know what data you have on everyone, so store it in a really organized way. Now what is data – Well personal data is any bit of information that you could use on its own or with another bit of information to identify a person so that’s going to include their name, their phone number, their telephone number, photos of them, their IP address. Make sure you know what data you have on people and identify that data is safely secured.
So what measures have you got in place to make sure that nobody could leak hack or misplace that data if you’re storing that data digitally.
What safety measures could you put in place? Could the information be up there in the cloud? Do you have antivirus software on all of your devices?
If any of your devices were lost, could you remotely wipe that data so, nobody could access it. Start thinking of these things because you want to make sure your data is always in safe hands. Similarly if you have hard copies of your data, are you securing that safely is it locked away?
Is it in a fireproof box? Are you making sure that no one could access that information, who shouldn’t be you also? Want to make sure you record in the risk assessment, so actually write down what safety measures you’ve gone, to make sure that dates are safe. This is going to make sure, everybody in your team knows exactly what’s happening and should you ever be investigated you’re showing that you’ve already taken necessary precautions.
Tip three, for being GDPR compliant don’t hold on to date up unnecessarily so this is a big one that’s coming to their laws. You can’t hold on to data, if you don’t know what you’re going to do with it. You need to be totally sure of why you’ve got someone’s name or email address. So, don’t hold onto data just in case it might become handy in the future.
Tip 4, is you want to have a really clearly written fair processing policy. This is something you’re likely to already have in this form of a privacy policy, so something you might be familiar with it. Is it’s a document that really clearly explains, what data you’re going to be taking from people and how you’re gonna be using it every time somebody hands over a bit of data to you. You want to make sure that they have clear access to your fair processing notice GDPR have asked that this fair policy notice has no jargon and legally and waffle bits in there that could be ambiguous. So start with a blank piece of paper and just in layman’s terms say what are you gonna do with that information when right in this document here are some questions to keep in mind what information is being collected, who is collecting it, how is it being collected, why is it being collected, how is it going to be used, who will it be shared with, what will be the effect of this on the individuals concerned. Is the intended use likely to cause individuals to object or complain.
Tip 5, if somebody asks what information do you have on me do you have a process, so that you can easily give that to them. So, with the new law you have to be able to supply people with what information you have on them if they ask you have to supply this information within one month of the mask in and you have to do it free of charge so make sure you’ve got a process in place, so that you can quickly get all the information you have on them and send that over to them.
Tip 6, have a process in place where if someone asks you to delete all their data you can so. if someone ask you to delete all, so you have to. That’s part of the new law, so make sure you know where all of the information you have on them is so you can easily wipe that now let’s talk marketing and how the laws are going to affect that.
Tip 7, allow people to positively opt-in to you, having their data and using it for marketing purposes. So, what does this mean? It means that if you’re going to use someone’s data for marketing, they have to take some sort of action to say yes you can have my data and yes you can use it, for these reasons that’s known as positively opt-in. It used to be the case, that you would go on to a website and there would be a pre-ticked box that says yeah you can use my data for whatever that’s not the case anymore. People have to actively tick that box or take another action. Some good examples of getting people to positively opt-in is, having a tick box next to a contact form that says yes you can use my data and someone has to take that or to have a double opt-in. This is when an email comes through to their inbox that says, ‘click this button’ to be part of our mailing list all so that we can use your information for X Y and says if you’re collecting people’s information in person you could get them to sign something to say that they’re happy for you to use their data in this way or you could get them to take a box that says I’m happy for you to do this whatever. It is make sure that someone is taking an action and you have evidence that they did that.
Tip 8, try layered opt-informs this is something the GDPR, are of simplifying with and something I really like so they look a little bit like this. This layered opt-in form allows users to have easy access to understand their information and how it’s going to be used, but it doesn’t look messy instead they can click on a button and delve into more information if they’d like about how you’re going to use it.
Tip 9, if you’re using people’s information to send their marketing make it really easy for them to opt out of it. If you’re using emails you need to make sure, people can unsubscribe same with things like text messages and call services. Similarly if you’re sending people mail make sure that you’re writing something at the bottom that tells them how they can stop receiving this mail. The information for opting out should be really clear and really obvious, don’t use any small print also make sure you have a really strict policy on how you’re gonna make sure someone that opt-out doesn’t get any more marketing materials from you. This is where you could really fall short to GDPR law and get reported and that’s when them, twenty million euro fines are gonna come knocking at your door which we don’t want. so you need that policy if someone doesn’t want to receive anything anymore. Make sure everyone in your team knows that and then no longer receiving it.
Tip 10, is make sure all your team know about the GDPR laws, I would actually put this in an email again just to show GDPR that you’ll be in very conscious of the laws train all of your employees on everything, we’ve spoke about today because it’s just as important that they do it, so your whole business isn’t liable to be extra safe.
They’re all the tips that you want to go and implement straight away. Well if you’re gonna buy data maybe like a big list of everybody’s email addresses or phone numbers you need to make sure that the person that you’re buying that information from has been GDPR compliant. You also need to make sure that every single person on that list has actively opted in to receive information or have their data stored by a third party, so make sure you check with the person you’re buying this information. In the future can I pass on the data, I have on my employees suppliers and customers to the new business owner. Okay in this case you want to have an assignment within your fare processing notice. The assignment Clause, should really clearly state that if somebody else was to buy your business, the new business owner will have all that data that you’ve collected on someone. They will then own it and use it for the same purposes that you have. You also just want to make it really clear to the new business owner this is what we said we were going to use the information for and you can’t use the information for anything else, unless you contact everyone again and ask them to positively opt in what about all of the existing data I have on people can I keep this.