Watch the video below to learn what you should keep in mind (note that the following is not legal advice, and you should consult your own attorneys for what applies to your particular business) .
Key to the GDPR, individuals have the right to:
Access your personal data, correct errors and erase your personal data, object to the processing of your data, and even export it whenever you want.
This means for businesses that you will need to review and update your privacy policy and ensure that this policy is updated on your website. All tools used for tracking need to be indicated on the Privacy Policy (including Google Analytics and other tools, such as marketing platforms, SaaS, etc.) and also whether the tools used are GDPR compliant.
The Privacy Policy will essentially need to be able to answer the following questions:
-
- What information is being collected?
- Who is collecting it?
- How is it collected?
- Why is it being collected?
- How will it be used?
- With whom will it be shared?
- And what effect will it have on the persons concerned?
Also key is addressing notification of breaches: If there is a data breach, users you have access to need to be notified immediately.
In terms of governance, organizations must:
-
- protect personal data by using appropriate security,
- Notify authorities about data breaches within 72 hours,
- Obtain proper consent before processing data,
- and keep records detailing the data processing.
they will also need
-
- provide clear information on data collection,
- Outline processing purposes and use cases,
- and define data retention and deletion policies.
All organizations need:
-
- Personal and Employee Privacy Train,
- audit and update data policies,
- Create and manage compliant vendor contracts
It is also recommended for large organizations to appoint a data protection officer.
For businesses that have contact forms and email subscription forms on their websites, this may mean:
- Each form requires a checkbox where the user accepts the website’s privacy policy,
- And the privacy policy requires the user to specify how their data will be used, how and where their data will be stored and how it will be processed. This checkbox needs to be disabled by default (and not already selected).
- to obey the right to be forgotten
- A business must give the user the option at any time to ask for their data to be deleted – either the user profile or data that is submitted through a contact form or other form submission.
- Since a lot of websites use backup, the privacy policy needs to state that user data will be kept for 12 months for business and operational reasons.
- To comply with the right to download and change data
- The Website should also have a mechanism for users to download or change their data electronically.
Finally, you will need to make sure that everyone within your business understands how the GDPR works, and what your company’s procedures and policies are so that they can follow them accordingly. This includes team members in all departments including human resources, marketing, IT, finance and others, as it will impact operations for all.
,
Now that you know more about GDPR and how it can impact your business, please check out other recent blog posts covering useful inbound marketing tips.
If you liked this video, subscribe to the Umami Marketing YouTube Channel and Monthly Digital Marketing Postcards, I’ll be back in May to answer any more of your questions. See you again soon!
