Starting 25 May 2018 all companies that process personal data of EU citizens are obliged to be GDPR compliant, this document serves as a guideline on how to make your clients GDPR aware.
What is GDPR?
GDPR wants to address the new ways of exploiting personal data through the internet and cloud technology. It also wants to give businesses a clearer legal environment in which to operate throughout the EU.
The GDPR introduces new accountability obligations, stronger rights and restrictions on international data flows. It gives people more say over what companies can do with their data.
The data that is protected by this regulation is all information about an identified or identifiable person. This can be his name, address, e-mail, but also a cookie, photo or ip-address. When you can use the data to find out who the person is, it is personal data and therefore protected by the GDPR. An organisation must do everything in its power to secure the data and have required procedures in place.
No panic! Just be aware and work towards being compliant
What can I do for my client?
Check with your client whether he collects and stores personal data. When he stores the data you need to make your client GDPR aware.
Your clients needs to understand the changes in collecting, storing and managing personal data and what they need to do in order to keep this data safe. The new regulation attaches great importance to transparency and holds companies responsible for safeguarding the collection, use and storage of individuals’ personal data. Personal data must be processed fairly and accurately, and can not be kept longer than necessary.
Companies are advised to ensure that they have detailed procedures to detect, report and investigate a personal data breach.
Use this roadmap to make your clients website GDPR Ready or use it as a plan to make your client GDPR aware :
- Audit his data: Find out what personal data is already held. Check for adequate consent. If not, delete the data or ask for consent. Keep in mind that pre-ticked boxes and soft opt-ins no longer count with GDPR. Show that you are doing your best to protect the personal information of individuals and minimize the chance that it will end up in the wrong hands.
- Update consent boxes: Create opt-in boxes to ask consent to store personal data. Explain very clearly why this data will be collected, how and for how long the data will be kept for. Start campaigns that will run to get people to opt-in again.
- Know your visitors rights: Make sure a visitor can view, edit, download and delete his personal data. Use our core plugin our on of our addon’s to help your clients with this step.
- Prepare for a data breach: Ensure the correct procedures are in place to detect and report loss or theft of personal data.
- Keep personal data safe: Make sure the data is kept on a secure server. When the data is also mailed or can be exported, make sure the person getting this info knows GDPR and keep a policy for this offline data.
- Appoint someone to own GDPR: Regardless of whether your client needs one, have someone take ownership of GDPR.
If you have any questions regarding GDPR just ask your question through our live chat support.