GDPR Compliance Checklist

There has been so much written about GDPR that it can be confusing and frustrating to work out just where to start.

What is GDPR? 

The General Data Protection Regulation (GDPR) is a European privacy law that came into effect on May 25th, 2018. The law regulates how individuals and organizations can collect, use and store personal data. 

The GDPR is all about your customers' and clients' data: how you obtained it, where you store it, what you plan to do with it, and so on. In a nutshell, the law is about transparency: letting your customers and clients know what your intentions are with their data and whether you are storing it securely.

  1. Make a list of all the places you use to collect current or future clients' information. This could be Email Marketing Systems (MailChimp, ConvertKit), Cloud Based Storage Systems (GDrive, OneDrive, Dropbox), CRM Systems (HubSpot, Zoho), Accounting Software (Xero, QuickBooks, FreshBooks), Payment Platforms (PayPal, Square), Website Hosting Platforms (GoDaddy, Weebly, Wix, WordPress), Analytics Tools (Google Analytics), or even Social Media (Facebook, Facebook Ads, Twitter).

** Remember, you only need to protect yourself if this data is personally collected by you; in most cases with analytics tools or social media ads, you are not actually given the data personally. But it is worth noting, as you need to make sure that the third party you are using DOES store the data in accordance with the GDPR.

  2. Do you have a privacy policy on your website? You should. This is a document that explains all your intentions for any data you keep: what you do with it, where you store it, and whether you provide it to any other party.
  3. Check all your third-party systems to ensure they have updated their policies to be GDPR compliant. Most, if not all, of the larger systems you might use have updated their policies. However, it is always good to go through your list and personally ensure this has happened with each and every one of them.
  4. Update your privacy policy with a list of all the tools and systems you use that collect data. You don't need to refer to them in your policy as a "third party", as that can sometimes be misunderstood; just clearly state the company and link to its privacy policy.
  5. Do you have any cookie data? This is anything on your website that tracks your visitors, such as Google Analytics, Facebook Pixel, Pinterest, etc. Add these to your privacy policy with details of the exact tool you use to track your visitors.
  6. Take a look at your opt-ins. Do you have a box for someone to tick saying they would like emails from you? If someone signs up but doesn't tick this box, they cannot be sent ANY emails from you or be added to your email list.

Also, remember to look at your opt-ins' transparency. Are you clearly explaining what people will receive if they sign up? Do you mention how frequently they will receive emails from you? Do you have a link where they can go and view your privacy policy?

  7. Do you share data with third parties? This will require another opt-in, asking for their direct permission for you to share their data.
  8. Send an email to your current mailing list asking them to re-opt in. Your email marketing system might already have a template for you to use. Just make sure that, however you send the email, it clearly has an opt-in button and an opt-out button.
  9. Finally, data encryption. Is the data you store encrypted? Basically, you want to make sure that if anyone came across it, they wouldn't have access, e.g. if your phone or computer was stolen.

Remember, the biggest point with the new GDPR policy is transparency. As long as you're being upfront and transparent about any and all data you collect, you should have nothing to worry about.
