“We’re updating our terms and conditions…”
I bet everyone is fed up with seeing that email subject line. However, the actual reasoning behind them is for everyone’s benefit – seriously!
Long story short, they had to be sent out after the update to the GDPR, and the GDPR exists to protect your information from misuse and malicious intent. There’s obviously a lot more to it than that, but, that’s it in a nutshell.
So, as you can imagine, it has affected just about every company out there, sending them all into a spiral to get everything GDPR compliant before it came into effect. Some companies got themselves sorted in time, some were already completely covered, and some are still well behind in terms of compliance.
Assuming your company wasn’t up to anything shady, you really should’ve been in at least a decent position beforehand. However, there are still a few bits and pieces that could potentially fall through the cracks.
Below is a list of the more fundamental GDPR stipulations that have the potential to be overlooked.
Site messaging
All of this can and should start with your site messaging, whether that be CTAs, T&Cs or sign-up forms – it must be crystal clear what the user is entering their data for, and they must be absolutely clear that they are doing it.
The most important point is that the user needs to give their permission. Without this, it doesn’t matter how clear your messaging is – you’ll be in breach of the GDPR.
Storing
There are a few different points on the storing of data. These include:
- How it’s going to be stored
- How long it’s going to be stored
- What it’s going to be used for
- Who will be able to see this data
Once data is stored, the users must be certain of what their data is being used for, who by, for how long, and why.
External safeguards
Cybersecurity is very important, as there are real threats out there. You can have all the best anti-virus and anti-malware software installed, but there is still human error that no software can deter. Opening bad emails, downloading the wrong files – while software can potentially catch these, it can’t catch everything.
Having your workforce undergo professional cybersecurity training is one way of making sure your employees are in the best state possible to combat these threats.
Internal safeguards
Internal threats can be just as devastating as external threats – a 2016 study of 874 data breaches found that a massive 65% of incidents were caused by employee negligence and mistakes. And it’s just that: mistakes. It’s very unlikely that there is some cloak-and-dagger, insider trading going on. But people make mistakes.
Informing staff of email procedures, so the wrong thing doesn’t get sent to the wrong person, and updating company permissions, so the wrong people can’t access the wrong information, both help towards preventing internal issues.
Third parties
Even if your workforce is completely up to speed on the GDPR, cybersecurity and so on, if you’re using third parties, they might not be.
If you are using any suppliers or external contractors, and they are using or collecting data for you, it is YOUR responsibility to make sure that they are adhering to the same regulations and stipulations that you are. If they’re not, then it’s probably best for you to look for a different supplier or contractor.
One Response
Thanks for posting the article, I need some training on GDPR!