GDPR or Gosh Darn Pain in the Rear!

Here’s a brief outline for small to midsize US-based online businesses. May 25, 2018 has passed and online commerce goes on! After weeks of emails announcing new GDPR privacy policies, are you wondering if it’s too late? It isn’t, and we’ve got something to help you.
What do you need to do now?
Your simple steps to GDPR compliance.
1. Conduct a data audit. Think about all the data you collect and use, and start with a big-picture overview of what you do. Look at what data you collect, the legal basis for collecting it, how you use it, how you store it and for how long. GDPR doesn’t just relate to digital! It covers paper files such as employment and credit applications, customer intake forms, etc.
2. Create a flow chart on how data flows through your business from origin to deletion and who has access. This helps you find potential security risks.
3. Use the flow chart to determine your data security and potential risks. Look at both digital and physical security risks.
4. Privacy Notices. You must alert EU data subjects, such as customers, users, subscribers, employees, etc. about how you use their data. Your notice can be ‘layered’ – a short notice for online forms, call centers, etc. with a link to the primary policy. You must provide the Privacy Notice at the time you collect data – before they hit the ‘submit’ button!
5. Set up your Privacy, Data Protection & Retention, and Data Breach policies.
6. Train your staff. Anyone collecting data must know the rules.
7. PIA = Data Privacy Impact Assessment. You must complete a PIA before any project that involves “high risks to the rights and freedoms” of data subjects, such as an email campaign relying on monitored use of your services or website. This is basically the first 3 steps above combined with a risk analysis.
8. Verify that third party vendors protect data – a use for that flood of emails from services you use. Also review existing contracts with developers, consultants, or anyone with access to your data.
9. Keep good records! Under GDPR you must be able to ‘demonstrate’ compliance if an issue ever arises.
For more in-depth insight into the legal issues affecting your business, sign up for our free newsletter.
Until then, Keep it Legit!