GDPR – a quick overview for your business.

Have you been wondering what all the talk about GDPR is about and if it will affect you?  Many of our clients will be affected by the GDPR, so here is a beginner’s guide to the new legislation.

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. However, it will also affect those outside the EU who have operations and customers there too.

Businesses outside the EU that have an establishment in the EU, offer goods and services in the EU, or monitor the behaviour of individuals in the EU may need to make some changes so that they are fully compliant. The GDPR and the Australian Privacy Act 1988 share many common requirements, including to:

  • implement a privacy by design approach to compliance
  • be able to demonstrate compliance with privacy principles and obligations
  • adopt transparent information handling practices

The legislation comes into effect on 25 May 2018 although it was approved back in 2016 (companies have been given 2 years to comply).

Consumers

The GDPR aims primarily to give control to consumers over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

  • It makes consent to the collection of a consumer’s name, email and other data optional
  • If there is a breach, the site, shop or organisation must notify the consumer within 72 hours
  • Consumers can find out where and for what purpose their data is being used
  • They can control how long their data is held – and even ask for it to be deleted
  • They can stop third parties from using it

So, what do you need to do to make sure you comply?

  • Include conditions of consent, and make them clear and concise. Your visitors must agree to any collection of data.
  • List conditions of consent individually rather than bundling them together.
  • Customers should be able to easily opt out and withdraw their consent at any time.
  • Children under 16 must have a person with ‘parental responsibility’ opt-in on their behalf.

In a nutshell, what you should do if your customers are in the EU

  • Make sure your privacy policy is updated and clearly states what information you are collecting and how that information will be used.
  • Make sure your opt-ins clearly state what your customers are signing up for. Just telling them they will receive an eBook/course/video series is not adequate if their details are going to third-party software and you are going to be marketing to them.
  • Add a cookie consent pop-up, with your Privacy Policy clearly linked from it, stating that you are using cookies or other tracking technology. Make sure that consent is given before any cookies are set in the user’s browser.

Here’s a simple flowchart to explain visually:

[Flowchart image]

And remember, there will be huge financial penalties for breaking the rules – fines of up to 20 million euros for businesses.

If in doubt, please consult your solicitors, especially when reviewing your privacy policy and terms.

Disclaimer:  This post is not legal advice and you should consult a solicitor for your business.


Do you need help updating your website for GDPR?  Profit from our expertise and contact us for advice today.

Judith Shuttleworth

Judith Shuttleworth is the owner of HotsWots Digital and a Director of Open House ID, an app for real estate agents. We have a range of expertise in all aspects of digital marketing and provide personal customer service. Your success is our motivation.