{"id":13499,"date":"2018-05-11T13:21:22","date_gmt":"2018-05-11T13:21:22","guid":{"rendered":"https:\/\/www.customerservicemanager.com\/?p=13499"},"modified":"2022-10-05T16:04:52","modified_gmt":"2022-10-05T16:04:52","slug":"10-steps-to-preparing-your-business-for-gdpr","status":"publish","type":"post","link":"https:\/\/www.customerservicemanager.com\/10-steps-to-preparing-your-business-for-gdpr\/","title":{"rendered":"10 Steps to Preparing Your Business for GDPR"},"content":{"rendered":"<p><strong>The General Data Protection Regulation (GDPR) is a new set of rules amended to the current Data Protection Act that will soon be mandated for those businesses dealing with European consumers.<\/strong><\/p>\n<img decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-full wp-image-13514\" src=\"https:\/\/www.customerservicemanager.com\/wp-content\/uploads\/2018\/05\/gdpr-1.jpg\" alt=\"GDPR Guide\" width=\"500\" height=\"368\" srcset=\"https:\/\/www.customerservicemanager.com\/wp-content\/uploads\/2018\/05\/gdpr-1.jpg 500w, https:\/\/www.customerservicemanager.com\/wp-content\/uploads\/2018\/05\/gdpr-1-300x221.jpg 300w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/>\n<p>On May 25, 2018 the regulation insists on safeguarding the personal information of all citizens of European Union member states. While many businesses are already aligned with the specifications, it\u2019s important to make sure your business has everything covered.<\/p>\n<p>This article takes a look at what you need to have in place in order to avoid being found in violation of the GDPR.<\/p>\n<p>The truth is these new rules are aimed at large companies who deal in information as a source of revenue. Smaller businesses aren\u2019t likely to be penalized the 4% of worldwide gross or 20 million Euros that large corporations will if they\u2019re found in violation.<\/p>\n<p>If you\u2019re worried about having a mountain of work ahead of you to prepare, you shouldn\u2019t be. 
If you\u2019re unsure if you will be affected, look for these key signals:<\/p>\n<ul>\n<li>You deal in information as a commodity;<\/li>\n<li>You request users\u2019 data when they complete a purchase and use the data elsewhere or store it;<\/li>\n<li>You deal with one or more European countries.<\/li>\n<\/ul>\n<p>If the answer is no to all of these then you will be fine!<\/p>\n<p>So what can you do just in case?<\/p>\n<p><strong>Here are 10 steps your business can take to be best prepared for GDPR, even if you are not physically located in the EU.<\/strong><\/p>\n<p>1. If your website has an online form that includes a pre-checked box giving permission to receive promotional emails from 3rd parties, this box now needs to be unchecked.<\/p>\n<p>2. If your business conducts any form of list-building, ensure everyone on that list has given explicit permission to be in it. Under the Canadian PIPEDA, it was enough to have implied permission; however, if any EU residents are in your database, the rules are much firmer and give subscribers the right to obtain the information stored on them.<\/p>\n<p>3. Make sure your entire staff is aware of the new rules. Circulate a memo to all personnel with a follow-up meeting where the points are reviewed. Asking a few questions of key players whose roles would be most affected by the new rules is a great way to ensure they\u2019re aware of what they need to do.<\/p>\n<p>4. Audit all stored client\/customer info and track where you got it from and where it\u2019s been used. Keep a record of every bit of info and who you may have passed it to at any time, and document the relationship and reasoning.<\/p>\n<p>5. Update your privacy policy so it includes the reasoning for retaining any user data, how it is legally used, and how users can contact your business if they feel their user information is in any way being misused.<\/p>\n<p>6. Have a clear method in place to address requests for erasing a user\u2019s data. 
Under the DPA, users already had certain rights, but the GDPR takes it further with information rights pertaining to their data stored by your business.<\/p>\n<p>The rights consist of:<\/p>\n<p>\u2022 the right to be informed<br \/>\n\u2022 the right of access<br \/>\n\u2022 the right to rectification<br \/>\n\u2022 the right to erasure<br \/>\n\u2022 the right to restrict processing<br \/>\n\u2022 the right to data portability<br \/>\n\u2022 the right to object<br \/>\n\u2022 the right not to be subject to automated decision-making including profiling<\/p>\n<p>You will need to be able to provide all this information in a clear and machine-readable format (not in handwriting).<\/p>\n<p>7. Have a process in place for handling large volumes of requests. Previously, under the DPA, businesses had 40 days to comply with a request. That has been shortened to one month. Any lawful request must be fulfilled, though if there are a large number of requests and the suspected reasoning is to cause problems for your business, then these requests can be contested legally.<\/p>\n<p>8. Have your lawful reasoning for retaining user data or passing it to others clearly stated for users, and ensure the opt-in option is not pre-ticked or unclear. Users must have a clear understanding of why you want their data, what you do with it, and who you might share it with. And they must have the option to say no. This is separate from Terms and Conditions.<\/p>\n<p>9. If your business deals with anyone under the age of 16 then you\u2019ll need a parent or guardian\u2019s permission to process any of the child\u2019s data. This is very important and strictly regulated, but at the same time, if you\u2019re not dealing in information as a commodity then you\u2019re likely not going to have to worry.<\/p>\n<p>10. Have steps in place to address a data breach. In the event that users\u2019 data may be compromised, you will need to have a way to let all affected users know what was compromised and when. 
Assigning someone internally the task of coordinating the response is a great idea.<\/p>\n<p>As you can see it\u2019s a big business problem and more so rooted in user protection in Europe where social networks have been cited as problematic and susceptible to foreign influence.<\/p>\n<p>North America is not really affected much but the issue is still very newsworthy, which can make some small business owners nervous when they don\u2019t need to be. In saying that, <a href=\"https:\/\/smallbusinessbc.ca\/blog\/the-small-business-impact-of-gdpr\/\" target=\"_blank\" rel=\"noopener\">this article from Small Business BC<\/a> points out some seemingly harmless potential data breaches that could put you at risk of violation such as sending out greeting cards to customers living in the EU.<\/p>\n<p><strong>If you have any questions about GDPR you can\u00a0<\/strong><strong><a href=\"https:\/\/evisionmedia.ca\/contact\/contact\/\" target=\"_blank\" rel=\"noopener\">message Susan Friesen at eVision Media directly here<\/a>.<\/strong><\/p>\n<p><strong>About the Author<\/strong><\/p>\n<p>Susan Friesen, B.B.A. is the Owner\/Developer at <a href=\"https:\/\/evisionmedia.ca\/\" target=\"_blank\" rel=\"noopener\">eVision Media<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The General Data Protection Regulation (GDPR) is a new set of rules that will soon be mandated for those businesses dealing with European consumers. 
Here&#8217;s what you need to know..<\/p>\n","protected":false},"author":357,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[79,200],"_links":{"self":[{"href":"https:\/\/www.customerservicemanager.com\/wp-json\/wp\/v2\/posts\/13499"}],"collection":[{"href":"https:\/\/www.customerservicemanager.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.customerservicemanager.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.customerservicemanager.com\/wp-json\/wp\/v2\/users\/357"}],"replies":[{"embeddable":true,"href":"https:\/\/www.customerservicemanager.com\/wp-json\/wp\/v2\/comments?post=13499"}],"version-history":[{"count":11,"href":"https:\/\/www.customerservicemanager.com\/wp-json\/wp\/v2\/posts\/13499\/revisions"}],"predecessor-version":[{"id":13516,"href":"https:\/\/www.customerservicemanager.com\/wp-json\/wp\/v2\/posts\/13499\/revisions\/13516"}],"wp:attachment":[{"href":"https:\/\/www.customerservicemanager.com\/wp-json\/wp\/v2\/media?parent=13499"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.customerservicemanager.com\/wp-json\/wp\/v2\/categories?post=13499"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.customerservicemanager.com\/wp-json\/wp\/v2\/tags?post=13499"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}