GDPR Compliance Checklist
What is GDPR?
The General Data Protection Regulation (GDPR) is a European privacy law that came into effect on May 25th, 2018. The law regulates how individuals and organizations can collect, use and store personal data.
The GDPR is all about your customers'/clients' data: how you obtained it, where you store it, what your plans for it are, etc. In a nutshell, the law is all about transparency: letting your customers/clients know what your intentions are with their data and whether you are storing it securely.
- Make a list of all the places you use to collect current or future clients' information. This could be from Email Marketing Systems (MailChimp, ConvertKit), Cloud Based Storage Systems (GDrive, OneDrive, Dropbox), CRM Systems (Hubspot, Zoho), Accounting Software (Xero, QuickBooks, FreshBooks), Payment Platforms (PayPal, Square), Website Hosting Platforms (GoDaddy, Weebly, Wix, WordPress), Analytics Tools (Google Analytics), or even from Social Media (Facebook, Facebook Ads, Twitter).
Note: you only need to protect yourself if this data is personally being collected by you; in most cases with Analytics tools or Social Media Ads, you are not actually given the data personally. It is still worth noting, as you need to make sure that the 3rd party you are using DOES store the data in accordance with the GDPR.
- Check all your 3rd party systems to ensure they have updated their policies to be GDPR compliant. Most, if not all, of the larger systems you might use have updated their policies. However, it is always good to go through your list and personally ensure this has happened with each and every one of them.
- Take a look at your opt-ins. Do you have a box for someone to tick saying they would like emails from you? If someone signs up but doesn't tick this box, they cannot be sent ANY emails from you or be added to your email list.
- Do you share data with third parties? This will require another opt-in, asking for their direct permission for you to share their data.
- Send an email to your current mailing list asking them to re-opt in. Your email marketing system might already have a template for you to use. However you send the email, just make sure that it clearly has an opt-in button and an opt-out button.
- Finally, data encryption. Is the data you store encrypted? Basically you want to make sure that if anyone came across it they wouldn't have access, e.g. if your phone or computer was stolen.
Remember, the biggest point of the new GDPR policy is transparency. As long as you're being upfront and transparent regarding any and all data you collect, you should have nothing to worry about.