A guide to GDPR and what to do to prepare
What businesses will it affect?
If you’re collecting, storing or using personal data of EU citizens, you will be affected by GDPR, irrespective of where you are based.
Here are the areas that are most affected by GDPR:
- Email marketing
- Marketing automation
- Third-party compliance
What do I need to do to prepare?
Get permission and ‘repermission’
Make the task of “giving permission” as easy, transparent and painless as possible.
Here are a few design principles that might help you to better understand how to ask for permission:
- Active opt-in – When asking for permission it’s imperative that you use an opt-in form and avoid any pre-ticked boxes as these are considered implied consent and not freely given. Explicit consent means that the user will need to tick a box to give you permission to send them further information.
- Informed – Consent should be clear, concise and specific, so avoid jargon or ambiguous language.
- Named – Permission should provide clear information about the processing organisation and about any third parties involved in data processing.
- Easy to withdraw – Make it simple for users to withdraw consent and opt out of your email lists, if they wish to do so. Also tell them how to do it.
- Separate – Keep consent requests separate from other terms and conditions or privacy notices. For example, when someone downloads an ebook from your website, you’ll need to have a separate box that users need to tick to subscribe to your emails. Signing up for emails is optional – they can always download the ebook without subscribing to your emails.
- Centralise your personal data collection into a CRM system
- Keep evidence of consent
- Store data securely
Where can I find more information about GDPR and its impact?
Original source: Heart Internet