The GDPR Is Coming!
We’re only a few days away from the GDPR going into full effect. This is a new regulation being enforced by the EU to ensure that everybody’s data is respected and not abused by data collectors and processors. In Australia this will also have an impact on those of us who work with EU-based clients and contacts, and it’s very important that you take the correct measures to ensure you are compliant.
So, what does that mean and look like, especially for Australians?
There’s been a lot of information available about the GDPR and its compliance requirements; you don’t have to go far to find it. The only problem is that a lot of that information is very vague, and a lot of it can make you feel quite overwhelmed and confused.
The General Data Protection Regulation (GDPR) is a digital privacy regulation that will come into effect on 25th May, 2018. It standardises a wide range of different privacy legislation across the EU into one central set of regulations that will protect users in all member states.
While Australia is not part of the EU, the GDPR does affect any business we do with EU members who are clients, and Australian businesses that promote their products and services to the EU (including the UK). Additionally, it will be good practice to roll this out now and be covered should Australia ever decide to follow the EU and the USA, who will be the next to move.
Still confused?
To put it simply, companies will now be required to build privacy settings into all their digital products and their websites. They will need to ensure that these settings are switched on by default.
Companies also need to regularly conduct privacy impact assessments, strengthen the way they seek permission to use the data, document the ways they use personal data and improve the way they communicate data breaches.
So, as stated above, if you have clients or subscribers from the EU nations, you will need to comply. It’s as simple as that.
This will mean:
- Your website forms will need an overhaul and update. An opt-out setting no longer cuts it. You will need to gain permission from each subscriber on what news they would like to receive from you.
- A communication must also be sent to current subscribers to obtain permissions on what they would like to receive.
- You will need to update your Privacy Policy and have it clearly displayed throughout your website. This must now include the steps you have taken to become GDPR compliant.
- You must provide a form on your site to allow your subscribers to opt out. This form should allow for two things:
  - The right to be forgotten: this allows the subscriber to request that their information be removed from any list they may be a part of.
  - The ability to request that their data is extracted and sent to them as part of the removal process.
- You will also be required to alert first-time visitors to your site that cookies are activated and give them options. It is no longer acceptable to just alert them, however; they must be given the option to accept or decline before using your website.
What you should do
If you are working with a marketing agency, they should have discussed this with you and be working on your compliance as a matter of importance and priority. If not, you will need to contact them so they can work quickly through this process for you.
If you look after your own marketing and development in-house, then you might want to consider outsourcing this work. Please feel free to contact the team at Menace Group, who would be happy to assist and ensure your compliance with the GDPR.
There’s not much time, so you will need to act quickly.