GDPR and you: Part 3

In our first two blog posts about GDPR, we covered what GDPR is, why it is important, and some of the tactics you can use to ensure compliance, especially if you have a website and use Marketing Automation/Email Marketing Systems. In this post, we give you some guidelines on the updates to make to your website’s privacy policy. The privacy policy should include information about how the data will be used, by whom and for how long. If you use a Marketing Automation system, you should include information about lead scoring or other workflows that would encourage purchase behaviour. More details below:

a) Update your Privacy Policy to reflect the following:

  • Increased transparency into the data/information captured by the organization. This may also include making it easier for the users to understand the information the business collects and why it collects that information.
  • Privacy rights of the users and how they can exercise them.
  • How the business collects, uses, shares and protects users’ personal data.
  • How long information is retained, and how data transfers to 3rd parties are handled.
  • The legal basis that the business relies upon to process users’ personal data.
  • If your clients include children, then raise the age restriction to use your services from 13 to 16 years.

b) Ensure you have a process in place that allows all users of your services, upon providing a form of identification, to do the following:

  • Request access to their data/information stored with the organization
  • Delete all personal data/information that is stored with the organization

Some businesses are referring to this as a “Privacy Centre”, a form of a more commonly used “Preference Centre”.

c) Assign a Data Protection Officer and provide their contact information so users may contact them with any questions or concerns related to data protection.

d) Publish an updated cookie policy that explains the cookies used on the website, and add a “cookie and consent” notification to the website (the EU Cookie Law still remains in effect).

The above suggestions may not be a complete list of alterations to the privacy policy; however, they do cover a good 80-90% of what is required. For any questions, feel free to contact us.

Note: The above information is meant as a starting point to help you identify and implement GDPR compliance. This is not intended as legal advice. Please contact a lawyer to see if there are legal risks to your business.