Your easy solution for GDPR Privacy Policy compliance.

GDPR or Gosh Darn Pain in the Rear!  Here’s a brief outline for small to midsize US based online businesses.  May 25, 2018 passed and online commerce goes on!  After weeks of emails with new GDPR privacy policies are you wondering it it’s too late?  You’re not, and we’ve got something to help you.

What do you need to do now?

There is ample information about GDPR online.  You want straight forward, practical, easy to implement advice.  Here it is.  You have two options.  Block anyone with an EU based IP address from accessing your website or online services, a bit short sighted. Or, rather than eliminate a few hundred million potential customers, simply update to your Privacy Policy and take some simple steps to document how you deal with data.

Your simple steps to GDPR compliance.

1. Conduct a data audit.  Think about all the data you collect and use.  A big picture overview of what you do. You should look at what data you collect, legal reasons for collecting, how you use it, how you store it and for how long.  GDPR doesn’t just relate to digital! It covers paper files such as employment and credit applications, customer intake forms, etc.

2.  Create a flow chart on how data flows through your business from origin to deletion and who has access. This helps you find potential security risks.

3.  Use the flow chart to determine your data security and potential risks.  Look at both digital and physical security risks.

4.  Privacy Notices.  You must alert EU data subjects, such as customers, users, subscribers, employee, etc. about how you use their data.  Your notice can be ‘layered’ – a short notice for online forms, call centers, etc. with link primary policy.  You must provide the Privacy Notice at the time you collect data – before they hit the ‘submit’ button!

5.  Set up your policies for Privacy, Data Protection & Retention and Data Breach Policies.

6.  Train your staff.  Anyone collecting data must know the rules.

7. PIA =  Data Privacy Impact Assessment.  You must complete PIA before any project that involves “high risks to the rights and freedoms”, such as an email campaign relying on monitored use of your services or website. This is basically the first 3 steps above with a risk analysis.

8. Verify that third party vendors protect data – a use for that flood of emails from services you use.  Also review existing contracts with developers, consultants, or anyone with access to your data.

9.Keep good records!  Under GDPR you must ‘demonstrate’ compliance if ever an issue.

Your Simple DIY GDPR Privacy Policy Template and guidance.

Want a bit more guidance and detail.  We’ve created a basic GDPR compliant privacy policy template for small to mid-sized US based online businesses. In less than 10 minutes you can have an updated privacy policy on your website.  It includes additional guidance on the above steps and FAQs.  PS, for readers of this blog, it is on sale, $100 off until Friday.

For more in depth insight about legal issues effecting your business, sign up for our free newsletter.

Until then, Keep it Legit!

Bob