GDPR Compliance Journey

This is EU legislation that snuck up on me, and I realise it applies to me as well and will still apply despite Brexit – one reason is we will implement most EU laws. It’s like a huge spring clean of any Websites and Blogs you own where you handle and store data.

This explains all those emails you are suddenly getting from websites you forgot you ever visited – and the important financial ones you can’t ignore – asking you to accept their new T’s & Cs or it’s sayonara... hasta la vista, baby.

I’m in no position to give any advice – I just realised this huge chasm of responsibility that I have to understand and implement before 25th May, and my knees are knocking.

The hardest bit is to understand who the 3rd Parties for your Websites, Carts and Blogs are, and to get them to open up about how they are compliant with GDPR legislation. You need to understand the Privacy Policies of all your 3rd Parties – how they protect the flow of personal data. At a minimum, let customers know in your own Privacy Policy that these 3rd Party processes exist.

But at the beginning of this process I have discovered some interesting things:

– I had over 26,000 people signed up to my Mailing List – in one year in 2016 – no longer
– PayPal’s Privacy Policy has a list of 3rd Parties from here to Timbuktu and is perhaps a little shy about sharing their GDPR status
– Some Mail clients make it almost impossible to contact them – to ask them these things – isn’t that the point of GDPR?

and a few more I’d love to reveal but can’t, you know – Data Protection reasons (and my own embarrassment)

Some key things:

– You are encouraged to do an audit of all your Data handling – what you use it for, where it is stored and whether you need it
– Understand who your 3rd Parties are and if their Privacy Policies are compliant
– Let people know how long you keep their Data (this depends on things like VAT)
– You need to give people an option to erase their Data
– Define in Ts&Cs that minors ask permission from parents
– You need to update your Privacy Policy to communicate your data handling process and give customers an opportunity to request a copy of their data or be able to erase it
– If you can – Pseudonymise – your data handling