GDPR Compliance – We’ve all seen the GDPR privacy policy updates all over the Internet over the past few months: updated Terms & Conditions on websites, jobs websites, AdWords accounts, Facebook and Twitter, and requests to accept renewed email subscriptions with updated terms. You’re probably thinking: what about my own website? Am I covered, and what must I do by law?
In this blog post, we will examine what you need to do if your website has Google Analytics code on it, contains a Contact Us form or Sales form, has a comments and registration section, has Social Media Share Buttons, includes an online shop, or offers email subscription functionality. But first, a quick overview of GDPR.
The General Data Protection Regulation (GDPR) makes law the fundamental right of every living person to control their personal information and to have it adequately protected by any group processing and holding it. In order to continue trading with other countries in the European Economic Area, Irish companies need to comply with European standards on data protection.
It applies as law and is enforceable from the 23rd of May 2018, and is regulated by the Data Protection Commissioner (DPC). It applies to all companies, whether commercial, voluntary or public service, that collect, store or process the personal data of European citizens. If you are a company outside the EU but trade within it, you must adhere to the GDPR.
If an organisation is in breach of GDPR, they can be fined 20 million euro or 4% of annual global turnover.
The overarching principles on the protection of personal data are:
The ‘controller’ must be able to demonstrate compliance with all of the principles above; this is known as the ‘accountability principle’.
You have probably received re-engagement emails lately from companies you are registered with. In theory you should also send this type of email to your current mailing list. You will most likely lose subscribers, but it should be done. The re-engagement email should cover these particular points:
Users must ‘opt in’; that is, you must get permission to send email marketing. So, if a customer buys a product and you want to add them to your email marketing list, you must ask permission. Or, say a prospect completes a Quotation form: you can’t add that prospect to an email marketing list unless they have agreed to it. You must also keep a record of when they gave permission, and you need to log exactly what they were shown when opting in.
Also…
The use of cookies, and what the information collected will be used for, should also be outlined in your privacy policy.
Updating your Privacy Policy – you must make it transparent what you will do with the information once you’ve received it, and how long you will retain this information both on your website and also by your office systems. You will also need to communicate how and why you are collecting data. Your privacy policy will need to detail applications that you are using to track user interaction.
Online Payments – most websites will have an offsite payment gateway; however, your website will most likely pick up certain user details. Your website is storing personal details, so these details need to be removed after a reasonable period of time. A couple of months should suffice, but no specific time limit has been enforced or recommended by the GDPR.
If you are using Remarketing techniques, you must update your Privacy Policy to state that cookies are being used in this way.
If you visit our website at www.DigitalSales.ie, you will notice the standard Cookies Policy notice at the bottom of the page, a pop-up you see on most respected websites, with links to our Cookie Policy page and to our website Privacy Policy.
Yes, we use ‘iubenda’, and we do so because if any online provider (Google, Microsoft, Mailchimp, etc.) updates their legal terms or usage policy, or there is a change in the law, ‘iubenda’ will automatically update the Digital Sales Cookies and Privacy Policy pages to reflect this change. You don’t have to worry about anything; it will be done before you even notice. The annual fee is very reasonable at around 30 euro per annum.
If you would like to make your website GDPR compliant, we can add your website to our ‘iubenda’ account, configure your policies against the systems and software you are using on your website, add the necessary new pages to your website and remove the old Privacy Policy pages. This fully covers your website for GDPR compliance.
Simply send a mail to info@DigitalSales.ie or call any of our phone numbers: 01 539 7207, 021 202 1077, 091 734 107.
Diarmuid Haughian – Business Development Director – Digital Sales
Dip. International Selling, Cert. Digital Marketing, MSc. BITS, MA Career Guidance