 Mike Connell
On May 25, 2018 the EU General Data Protection Regulation (GDPR) took effect.

Like any big change, there was, and continues to be, a significant learning curve as organizations worldwide, not just in the EU, strive for and confirm their own GDPR compliance efforts. It’s ongoing...

And that’s important for small and large organizations alike: While the regulations came into force in order to protect European Union residents, many expect the United States to adopt like-minded data security measures in the new year.

The vulnerability of the information we share online is a very big deal, and the GDPR has been heralded as one of the most important changes, if not the most important change, in data privacy history.

As a result, it’s no surprise that GDPR compliance can and should be considered a herculean endeavor.

GDPR Confusion

One of the biggest questions asked about GDPR compliance is, as noted, whether it applies to the organization in question.

In most cases, GDPR compliance is a better-safe-than-sorry action item.

What about those organizations that don’t get it?

From Beth Rimmels at Efferent Media:

Since our company places a high value on privacy and efficiency, complying with GDPR was fairly easy.

We don’t have a habit of asking for extraneous data, and we explain why we ask for a given piece of material.

Convincing some of our clients to become GDPR compliant has been the challenge.

The large corporations who hire or interact with EU citizens quickly understood the need for it.

Medium-sized businesses are too prone to thinking “It’s a European thing. I don’t have to worry about it,” despite selling online to EU customers or EU newsletter subscribers.

Tip #1: Whether you think GDPR is relevant to your business or not, do an audit of all the information you collect from clients and prospects.

Document which departments have access to what material, and how you use it. That tends to demonstrate the benefits of GDPR compliance and provides valuable insight for a variety of circumstances.

Tip #2: Moving forward, whether your business needs to be GDPR compliant or not, stop asking for unnecessary personal data. It will improve trust with your audience and simplify your data processing.

GDPR Best Practices

Here at InfoStreet, we offer a number of app solutions to help small businesses ensure they are GDPR compliant, such as G Suite, Microsoft 365, and Weebly, to name a few.

KJ Dearie, a product specialist and privacy consultant at Termly, provides some of her GDPR best practices:

Not only does my company work with businesses and marketers to help them achieve GDPR compliance, but we have taken our own steps to better adhere to the guidelines of the GDPR.

Although our organization doesn’t target EU users at this time, we’ve found that implementing the following strategies in line with the GDPR is ultimately the best practice for building customer trust and engagement:

1. We’re implementing opt-in checkboxes at user signup. One of the biggest components of the GDPR is legally obtaining user consent to collect and process their data in accordance with Article 7.

For consent to be valid, it must be given freely through an affirmative action. We’re making this easy for our users by adding a checkbox on our signup page. It asks our customers to opt in to any desired marketing communications, and to consent to our privacy policy.

2. We’re making changes to our privacy policy to optimize transparency.

The GDPR seeks to promote a healthier relationship between businesses and users when it comes to user data. One of the keys to adjusting this relationship accordingly is to increase transparency and clarity.

We’re following this initiative by updating our privacy policy with a Table of Contents, FAQ-style headers, and short tl;dr sections to be more readable, understandable, and transparent about how exactly we may interact with and treat our users’ information.

3. We’re instituting a new Universal Privacy Policy.

Not only did we recognize the need to update our privacy policy to better suit the requirements of the GDPR, but we wanted to offer this same adjustment to our users.

As our website offers a privacy policy generator, we reworked the entire builder and final policy to reflect the changes brought about by the GDPR.

We even added an entire section geared toward the GDPR specifically, as we found the regulation to be so prevalent in the data protection and privacy plans pursued by businesses and marketers within the US.

4. We’re making it easier for users to delete their accounts. The GDPR aims to give users control over their own data.

As such, the regulation dictates that business owners and marketers make it easy for users to view, edit, and delete their own information.

To fit this new standard, we’re implementing data management tools on our site that make it easy for users to request to delete their account and, with it, scrape any personal data of theirs, which we store.

I hope these tips help some of your readers adjust their own strategies for the GDPR, and I’m curious to see what other businesses and marketers say they’ve done to bolster compliance.

Are You GDPR Ready? Share the Love

Lisa Hawke, VP of Security and Compliance at Everlaw, created a free GDPR resource (and spoke about their measures at length during one of her company’s podcasts) in the hope that her efforts can aid other GDPR readiness activities.

GDPR Resources

As noted, to help you in your GDPR efforts, some of InfoStreet’s app partners have some great resources and support material.

The Dummies Guide to The GDPR and Managing Data Risk - Symantec

GDPR Compliance Best Practices - Microsoft 365 Blog - Trust Center

Google Cloud GDPR Resource Center - GSuite

GDPR: What is Weebly Doing - Weebly

Note: Portions of this article came from a post originally published on Spin Sucks.