
June 5, 2018 By RGSchrader

Easy GDPR privacy policy compliance for US based online entrepreneurs.


Your easy solution for GDPR Privacy Policy compliance.

GDPR, or Gosh Darn Pain in the Rear!  Here’s a brief outline for small to midsize US based online businesses.  May 25, 2018 has passed and online commerce goes on!  After weeks of emails announcing new GDPR privacy policies, are you wondering if it’s too late?  It isn’t, and we’ve got something to help you.

What do you need to do now?

There is ample information about GDPR online.  You want straightforward, practical, easy to implement advice.  Here it is.  You have two options.  You can block anyone with an EU based IP address from accessing your website or online services, which is a bit short sighted.  Or, rather than eliminate a few hundred million potential customers, simply update your Privacy Policy and take some simple steps to document how you deal with data.

Your simple steps to GDPR compliance.

1. Conduct a data audit.  Think about all the data you collect and use, as a big picture overview of what you do.  Look at what data you collect, your legal reasons for collecting it, how you use it, how you store it and for how long.  GDPR doesn’t just relate to digital!  It covers paper files such as employment and credit applications, customer intake forms, etc.

2. Create a flow chart of how data flows through your business from origin to deletion, and who has access at each point.  This helps you find potential security risks.

3. Use the flow chart to determine your data security measures and potential risks.  Look at both digital and physical security risks.

4. Privacy Notices.  You must alert EU data subjects, such as customers, users, subscribers, employees, etc., about how you use their data.  Your notice can be ‘layered’ – a short notice for online forms, call centers, etc., with a link to the primary policy.  You must provide the Privacy Notice at the time you collect data – before they hit the ‘submit’ button!

5. Set up your Privacy, Data Protection & Retention, and Data Breach Policies.

6. Train your staff.  Anyone collecting data must know the rules.

7. PIA = Data Privacy Impact Assessment.  You must complete a PIA before any project that involves “high risks to the rights and freedoms” of data subjects, such as an email campaign relying on monitored use of your services or website.  This is basically the first 3 steps above with a risk analysis added.

8. Verify that third party vendors protect data – a use for that flood of emails from services you use.  Also review existing contracts with developers, consultants, or anyone else with access to your data.

9. Keep good records!  Under GDPR you must be able to ‘demonstrate’ compliance if an issue ever arises.

Your Simple DIY GDPR Privacy Policy Template and guidance.

Want a bit more guidance and detail?  We’ve created a basic GDPR compliant privacy policy template for small to mid-sized US based online businesses.  In less than 10 minutes you can have an updated privacy policy on your website.  It includes additional guidance on the above steps and FAQs.  PS, for readers of this blog, it is on sale, $100 off until Friday.

For more in-depth insight about legal issues affecting your business, sign up for our free newsletter.

Until then, Keep it Legit!

Bob
