GDPR What We Know About It

Posted on - 18th May, 2018 | Posted By - E4K

e4k logo

We’re here to help you with GDPR.

GDPR made simple by e4k.

After 4 years of preparation and debate, on 25th May 2018, a new directive from the EU comes into operation and effects the way we collect, store, share and use personal data. The General Data Protection Regulation or GDPR for short replaces the current legislation that is in place for each of the member states. In the UK it replaces the Data Protection Act 1998.

With fines for companies who do not comply with the legislation, there have been a lot of companies worrying about compliance. e4k has done a lot of reading and research into GDPR and we’re here to help make sure our clients understand their responsibilities and to offer them our services to keep them on the right side of this new law.

Having said this we are not lawyers and we recommend that if you are unsure you check with your own legal team and get your terms and conditions checked out before approving them for posting on your website.

documents

From our research the following questions should be considered when writing a privacy notice:

• What information is being collected?
• Who is collecting it?
• How is it collected?
• Why is it being collected?
• How will it be used?
• Who will it be shared with?
• What will be the effect of this on the individuals concerned?
• Is the intended use likely to cause individuals to object or complain?
• How can a client change their consent?
• Where is it stored?
• What security measures are you using to protect data?

The answers to these questions can be included in your terms and conditions. We can create a page on your website for this and add a link to your Homepage footer or somewhere else where it is easily accessible.

two people in discussion

Your clients must “OPT-IN”

One of the main points of the act is that when you keep someone’s personal data they must be told exactly what you are storing, why you want/need it and how you intend to store and use it. Any tick boxes must be initially unticked and must be opt-in and you can no longer have a box for opting out.

At any given point in time, an individual has the right to request from you the information about when and how they opted-in to your data list and what wording was used at the time they chose to sign up. Therefore, it is imperative that you keep records of the date and method that a person gave their consent. If you change any of your terms and conditions relating to the data you keep, you must be able to present them with the version that was current on the date they consented to their data being used.

eye glass monitoring codes

What about the data you already hold and existing clients?

Unless you already had the foresight to explain everything and had an opt-in option when you first collected the data, you will have to get in touch with people in your current data lists and ask them to give consent for the use of their personal data. They must also have the option to ask to be removed from your lists.If you do not hear back from someone whose information you are storing they have not opted-in and therefore will have to be removed.

Manchester United has set up a page on their website, asking users to ‘re-subscribe’ to their email notifications. The new form is designed to demonstrate the club is clearly willing to ensure that everybody they choose to email after the introduction of GDPR, has made a clear and conscious effort to stay up to date.In recent home matches, advertising hoardings around the pitch have been seen inviting people to sign into their account and re-give their consent.

Most SMEs will not have the same spending power as Manchester United but a simple email and a follow-up email a few days later with a link to a page on your website where people can resign or opt out of your mailing lists will be sufficient.

cookies

GDPR and cookie policies

Cookies are pieces of data left by websites on people’s devices to help improve their experience. They do generally use personal data per se but may be considered as a way of identifying who is using the computer and forming a personal profile of the user.
It is, therefore, good practice to include a cookie policy in your terms and conditions of use where the user is told they can opt-in to receive cookies before visiting the site.

diagram

What we can do for you

  • Make a terms and conditions page and a link from your homepage
  • Create a sign-up page for people to opt-in to your mailing lists
  • Design and send a newsletter with links to your sign up page
  • Anything else you feel is necessary to be compliant

e4k Digital Agency is happy to help

If you want to stay GDPR compliant, get in touch today, email us with your requirements websupport@e4k.co or if you’d like to chat about your options call the office on 0121 66 66 534.