A guide to GDPR and what to do to prepare

What businesses will it affect?

If you’re collecting, storing or using personal data of EU citizens, you will be affected by GDPR, irrespective of where you are based.

Here are the areas that are most affected by GDPR:

  • Email marketing
  • Remarketing
  • Marketing automation
  • Third-party compliance
  • What do I need to do to prepare?

Get permission and ‘repermission”

Make the task of “giving permission” as easy, transparent and painless as possible

Here are a few design principles that might help you to better understand how to ask for permission:

  • Active opt-in – When asking for permission it’s imperative that you use an opt-in form and avoid any pre-ticked boxes as these are considered implied consent and not freely given. Explicit consent means that the user will need to tick a box to give you permission to send them further information.
  • Informed – Consent should be clear, concise and specific. So avoid jargon or ambiguous language.
  • Named – Permission should provide clear information about the processing organisation and information about any third-party involved in data processing.
  • Easy to withdraw – Make it simple for users to withdraw consent and opt out of your email lists, if they wish to do so. Also tell them how to do it.
  • Separate – Keep consent requests separate from other terms and conditions or privacy notices. For example, when someone downloads an ebook from your website, you’ll need to have a separate box that users need to tick to subscribe to your emails. Signing up for emails is optional – they can always download the ebook without subscribing to your emails.

Update your Privacy Policy

GDPR says that your privacy information must be “concise, transparent, intelligible and easily accessible; written in clear and plain language, particularly if addressed to a child; and free of charge.” The Information Commissioner’s Office (ICO) provides more useful information on what should be included in a privacy policy so make sure you read it carefully. Then revisit and edit your policy accordingly. The idea is to use language that is simple and easy to understand, as jargon will not be acceptable under GDPR rules.

  • Centralise your personal data collection into a CRM system
  • Keep evidence of consent
  • Store data securely

Where can I find more information about GDPR and its impact?

Perhaps the most immediately useful resource is the ICO’s 12 steps to take now to prepare for GDPR. The ICO also has a helpline you can contact.

Original Source Heart Internet