The Super Simple GDPR Guide

by Marva Lord
photo credit Convert GDPR, courtesy of https://www.convert.com/GDPR/

Becoming, and staying, GDPR compliant is an ongoing process, and it has proved more demanding in time and resources than many small businesses, creatives, freelancers, nonprofits and other groups anticipated; these are the groups that were perhaps less visible while the GDPR was being drafted. GDPR compliance is now a permanent part of our working lives, and it is also an opportunity to review how we care for information about customers and the people we work with.

Breathe. Give yourself an hour, or more if you like, but relax with this. Read my post for some tips and check out my panic-free Google Drive link for a few tools that might be useful.

Please keep in mind that I’m not a lawyer. Also I don’t work for any of the folks I recommend, but I like the way they’ve tried to create useful tools and explain things simply.

Where to start?

1. First, determine if you need to be compliant, if you haven’t yet. 

A couple of good resources to help you with this are:

The ICO’s data protection self assessment page at
https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/

The free 3 minute test at Culture Republic’s GDPR Hub
https://www.culturerepublic.co.uk/goodpractice/

It might feel a bit like the Hitchhiker’s Guide to the GDPR Experience.
That’s not a bad thing. Keep an open mind.

2. Create a clearly written, simple to understand Privacy Policy, Cookie Policy, and Terms of Use or Service for your website.
Some websites combine the Privacy and Cookie Policy in one page.
You must tell your customers, email list members and website visitors about their rights, including the right to erasure (the “right to be forgotten”), and give them easy ways to change or remove their details on your mailing lists. You’ll find some useful links to help you in the Useful Web Links doc in my Google Drive folder.


Next Steps
Do a data audit.
01 Start with this
Make a list of the type of data you receive from people in the course of doing business.
02 Afterwards do this
List how you receive the data, what lawful basis you rely on for holding it (consent is one option, but contract and legitimate interests are others; if you rely on consent, record how and when it was given), where and how you keep the data secure, and who is responsible for the information you hold in your database.
03 Then do this
Review your suppliers (data processors). Are the apps and other data processors where you store or exchange customer data GDPR compliant, e.g. Mailchimp, Constant Contact, WordPress, Google, Eventbrite, SiteGround, Heart Internet, Facebook, Twitter, Instagram, WhatsApp, and the many others out there? Check that each one offers a data processing agreement (GDPR requires a written contract between you and any processor) and keep a note of where their servers are located.
04 Be Prepared
If the personal information of others that you hold were breached, what would you do?

Make a data security plan and write it down.

A personal data breach that is likely to put people at risk must be reported to your supervisory authority (the ICO in the UK) within 72 hours of your becoming aware of it. If the breach is likely to result in a high risk to the people affected, you must also tell them without undue delay. Include in your plan who is in charge of the data and is the person to contact in case of a breach, and keep a written log of every breach, even the ones you decide do not need reporting.

05 Remember to share the knowledge
Ensure that everyone who works with you knows your GDPR compliance information, in particular what to do in case of a data breach and how to make sure anyone on your email list can have their details removed or changed quickly and easily.
06 Keep a fresh perspective
Update your Privacy Policy, Cookie Policy and Terms of Use or Service regularly. Keep learning by joining groups such as the one run by lawyer Suzanne Dibble, https://www.facebook.com/groups/GDPRforonlineentrepreneurs/

The GDPR applies from May 25, 2018, but this is only the beginning. Kind of like driving, you’ll keep getting better by staying sharp and up to date on future developments towards more secure, engaging and transparent ways of doing business.

07 Get in touch

If you need help, please don’t hesitate to contact me. My virtual admin services cover a range of skills, including website development and email list and social media platform setup and support, among others. I provide services by phone, email and online through Skype and Zoom. I can be reached through my website or by phone on 011 44 1497 700255.