6 Steps to ensure your business is GDPR compliant
Hi, I’m Ben, and today I’m going to talk about General Data Protection Regulation.
In my last video I gave you an overview of what the law entails, and now I’ll speak to what every business needs to do.
To start, here are a few specific questions that your business should ask.
Do you market directly into the European Union?
If so, you need to have people in your organisation actively working to ensure GDPR compliance.
Do you sell an online product such as software as a service, which people within the EU can purchase?
If so, you need to ensure that you either move to comply across your whole website or you have a process to separate out people within the EU and deliver a GDPR compliant experience for them.
Are there emails or contact information of people from the EU in your database?
If so, you need a plan for them. If you don’t market or sell into the EU, I recommend you remove them from your database completely.
And if EU markets are important to you, you need to put a strategy together to ask them for consent to continue marketing.
If you’ve answered yes to any of the above, and marketing in the EU is part of your strategy, here are a few things you can do right now.
First, I recommend you geo-target all of this, so it only displays to visitors in the EU and doesn’t affect your marketing results in other regions.
Second, add a cookie consent popup to your website.
A cookie is a small piece of data a site stores in your browser when you visit it, which lets that site remember your preferences and, through advertising cookies, retarget you with ads.
I recommend the tool Cookie Consent, which is built for GDPR compliance and is simple for your developers to implement.
Third, ensure all your online data collection includes explicit consent for your marketing activities and allows people to opt in or out.
This means that if you ask for an email address so you can market directly to people, you tell them this on the form, and you have a tick box that gives consent and is not checked by default.
Fourth, ensure you have a plan for what to do if you experience a data breach.
GDPR says that in most cases you have 72 hours from becoming aware of a personal data breach to report it to the supervisory authority. And while Australian law isn’t as stringent, there are reporting requirements here as well, so all businesses should take extra steps to secure their data and have a plan for if they do get hacked.
Fifth, review and accept the new Google Analytics data retention terms of service, which have been released in response to GDPR.
These will show up as a header bar at the top of your analytics account and explain the changes Google has made in response to the legislation.
To wrap up, I recommend all businesses review their exposure to GDPR legislation.
Speak with your legal or compliance teams, and make a plan for when it comes into force.
No one wants to be the business that regulators make an example of as they move to enforcement.
That’s all for now.
If you have any questions on how to ensure your marketing results don’t suffer from GDPR compliance, leave them in the comments, and I’ll give you some tips.