Time to update your Data Privacy and Data Collection Notices!
This blog post is the fourth in a series of posts on the lovely subject of GDPR. If you are a sole trader, like me, living in Ireland, you will be keen to find out how to become compliant before the deadline on 25th May 2018. I will be sharing the information I have gathered over the past few months in a series of posts. These views are my own. I won’t be using legal jargon or providing information that really only affects bigger companies, as they have their own HR and IT staff to handle their compliance. I hope you will find the posts helpful and feel free to add comments or tips below.
The best way to do that is by referring to the information in your data audit to make sure you include details that cover all of your data collection points. With regards to the layout for the data privacy statement, the content really depends on your own online business activities. In my case, I just showcase my services on my website but if you sell products or services through your website then you are collecting more personal data and your data privacy statement should clearly explain why the data is being collected, how it’s being secured etc.
Collection Notice Points
I gave an example of an online collection notice in blog post No 3. But just to confirm, a collection notice should be available at the point in which you ask for personal data to be shared with you. So using the data audit you can quickly see where you have been collecting personal data. Keep in mind, that GDPR is mainly concerned with evidence of consent and evidence that data is being collected and stored securely.
Here is a list of marketing collection notices that you might be using to collect personal data:
|Subscription pop-up/form on website/social media sites||Subscription form|
|Webinars/Event registration*||Event registration|
|Application forms||Application forms|
|Website Cookies||Business cards|
|Free downloads (E-books/Tips)||Retail stores loyalty programmes|
I am sure there are many other points but you will know where and how you collect personal data for your own particular business.
The important thing to remember here is that you should not add a person’s data to your Newsletter subscription list if they only consented to receive your E-Book! You will need consent for both marketing activities.
Right, I’m glad that bit is over. In my next post, I will look at Retention, Withdrawing Consent and deleting files. Coming soon. Promise!