Your 11th Hour 'Emergency' GDPR Guide

Getting your Strikingly website GDPR compliant

· Resources and Tips

Your 11th Hour GDPR Guide

OMG, it’s nearly here! Yes, the frantic concerns over GDPR are everywhere and now the day is nearly upon us. Are you prepared? Or do you wish someone would just come along and make it easy for small business people like us? Your wish is granted. :D

11th Hour Emergency GDPR Guide

Time required: 30 minutes to implement

GDPR came in as a response to give individuals more rights and protection over their personal data. There are five main grounds on which a company or organisation can legally hold personal data. They are: individual consent, legitimate interest, performance of contract, vital interest and legal requirement.

What can you do so that your organisation can comply quickly at the 11th hour? 

Step 1. Get Your Website Compliant

Get your legal policies in place and visible. You need a privacy policy and, if you don’t have one already, a terms and conditions document. Get both of these done and up on your website so that it is public. Shopify have a lovely generator to build one quickly for you (2 minutes!). You’ll get an email with a link to your document. Review each of these and make sure they make sense. You may need to do some minor modifications (5 to 10 minutes) but you should be good to go fairly quickly.

You can also review my privacy policy here if you wish to copy mine (you’re very welcome). :D

Ensure your website forms are GDPR compliant. If you’re using Strikingly, complete the T&Cs and privacy policies (as above). Then turn on the ‘GDPR’ option in settings. You can see how to do that here (video) and read more about it here.

If you’re collecting emails using something other than Strikingly, check the company’s site for adding a GDPR option. You can find the one for mailchimp here. 

Not required but super cool: have a page which gives visitors and clients options on how to keep in touch with you. It’s super easy to do and is a lovely way to show visitors that you’re thinking of them. Check out mine here.

Step 2. Review Third Parties (DPOs)

Make sure you review applications you use that process personal data on your behalf (Data Processing Organisations, DPOs). You need to ensure they are GDPR compliant as well. Most big brand companies have strict controls over personal data, the likes of Strikingly, Google, Paypal, Facebook, Mailchimp, Eventbrite, etc. If you’re using any of these applications you should be fine, but it is still your responsibility to ensure that they (and all DPOs you use) are processing your clients’ data in the manner required by law. You can find Strikingly’s GDPR Compliance statement here.

Step 3. Review Personal Data Categories 

The general rule, for data protection principles, is to only store personal data for as long as is necessary, to store it securely and, when required, to delete personal data securely too. The legal grounds for holding personal data fall into 5 categories. Review each one.

1. Legal requirement: some services (solicitor services, accounting, etc.) are legally required to hold information for a period of time. In this situation, you must hold data securely for the period required by law. This is not a new requirement, so it should not necessitate a new process for most people.

2. Vital interest (of person) or public: typically in the case of medical professionals, personal data is held to help the individual.

3. Performance of contract: if you’re selling goods online or have people enrolled in training or a class, you may need their information to deliver that service. You can use this for the performance of contract but should get explicit consent to use it for anything further.

4. Legitimate Interest: this is when you use people’s data in ways they would reasonably expect and which have a minimal privacy impact. Perhaps someone’s done business with you in the past. They do not want your newsletter but they do expect to hear from you on matters that might normally be expected in the course of doing business. It is reasonable to assume that holding personal data for this type of communication is fine when it is balanced.

5. Individual consent: this is explicit consent given to you for the purposes of marketing or providing communication from your company. When you do not know someone, you should get their explicit consent before sending them marketing information such as an email newsletter.

Items 1 and 2 are not new and do not apply to everyone. If you are handling this type of data, you should already be handling it securely.

Item 3 (Performance of contract) - have a policy in place to hold data for the performance of contract and, when the contract is completed, decide whether there is a legitimate interest in continuing to hold their data, or ask for their explicit consent and get them on your newsletter. Whatever you choose, make sure you have a policy in place and that it is clear.

Item 4 (Legitimate interest) - contact those people who fall into this category and invite them to review your shining new T&Cs and Privacy Policy (from above). These should be on your website now. Your policy should also explain their rights to have their information removed, etc.

Item 5 (Individual consent) - if you’re marketing to people on a regular basis (such as with a newsletter), you need to get explicit consent. If you have a newsletter in place, make sure to ask subscribers whether they wish to continue receiving it. All major email marketing platforms have templates available for this. If you’re unsure how to do this and are short on time, you can email your contacts directly and ask them to reply with a ‘yes’ or ‘no’, then update your database accordingly.

Step 4. Review offline devices and files

You also need to look at things like your devices -- your phones and laptops which contain customer data. Do they have passwords, locks and other security in place? Have you paper files? These matter too. As you do business, think about whether you’re handling personal data, whether it’s secure, and whether there are controls in place to protect it. If the answers are yes, you’re good to go.

That’s it in a nutshell. Now, that wasn’t so hard was it? :D

If you want to receive my newsletter, make sure you sign up here.

Wishing you much continued success,

Teri