GDPR Compliance Journey

This is EU legislation that snuck up on me; I realised it applies to me as well, and that it will still apply despite Brexit, one reason being that we will implement most EU laws. It is like a huge spring clean of any websites and blogs you own where you handle and store personal data.

This explains the many emails suddenly arriving from websites you forgot you ever visited, and from the important financial ones you can't ignore, asking you to accept their new Ts & Cs.

I'm in no position to give advice, but I realised there is a huge chasm of responsibility that I also have to understand and implement before 25th May, and my knees are knocking.

The hardest bit to understand is who the third parties for your websites, carts and blogs are (the payment processor, the mailing-list service and so on) and how to get them to open up about how they comply with GDPR. You are required to understand the privacy policies of all your third parties, in particular how they protect personal data as it flows to and through them. At a minimum, let customers know in your own privacy policy that these third-party processors exist.

In beginning to resolve all of the above, I have discovered some interesting things:

– 26,000 people signed up to my mailing list in one year, 2016; now every single one has been deleted

– PayPal's privacy policy has a list of third parties from here to Timbuktu and is perhaps a little shy about sharing their GDPR status

– Some mail clients make it almost impossible to contact them to ask these things, but isn't that the point of GDPR?

And there are a few more I would love to reveal but can't, for data protection reasons and, to be honest, my own embarrassment.

Some key things:

– You are encouraged to do an audit of all your data handling: what personal data you hold, what you use it for, where it is stored, who can reach it, and whether you still need it
– As mentioned, understand who your third parties are and whether their privacy policies are compliant with the regulation
– Tell people how long you keep their data; the retention period depends on things like statutory record-keeping obligations such as VAT, which set a minimum period for keeping invoices
– You need to give people a way to request erasure of their data, and you have to actually carry it out, including at the third parties you have passed it to
– State in your Ts & Cs that minors need their parents' permission before signing up
– Update your privacy policy to explain how you handle data and to tell customers how to request a copy of their data or have it erased
– Where you can, 'pseudonymise' the data you keep: replace direct identifiers such as email addresses with tokens, and keep the key that links tokens back to people separately, so that the working data set on its own does not identify anyone
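To make the last point concrete, here is an added example (my illustration, not code from the original post or from any of the services it mentions) of pseudonymising a mailing list with a keyed hash. The subscriber records are constructed sample data; the `PseudonymisationKeystore` class stands in for a secret store kept apart from the analytics data, and its names are assumptions of this example. It also shows why an unkeyed SHA-256 of the address is not pseudonymisation: a dictionary attack with a list of candidate addresses reverses it, while the keyed tokens resist the same attack without the key.

```python
"""Keyed pseudonymisation of a mailing list (added example, not from the post)."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional

# Constructed sample mailing list for the example (not real subscribers).
SUBSCRIBERS = [
    {"email": "Alice@example.com", "signed_up": "2016-03-01", "opens": 12},
    {"email": "bob@example.org", "signed_up": "2016-07-19", "opens": 3},
    {"email": "carol@example.net", "signed_up": "2016-11-30", "opens": 0},
]


def _normalise(email: str) -> str:
    # Trim and lower-case so the same person always maps to the same token.
    return email.strip().lower()


class PseudonymisationKeystore:
    """Holds the secret key and the token -> email map, i.e. the 'additional
    information kept separately' that GDPR Art. 4(5) requires for data to
    count as pseudonymised. Only the side that legitimately needs to
    re-identify people (e.g. to answer a subject access request) uses it.
    (Hypothetical class for this example; a real deployment would back it
    with a secrets manager and a separately protected database.)"""

    def __init__(self, key: Optional[bytes] = None) -> None:
        self.key = key if key is not None else secrets.token_bytes(32)
        self.mapping: Dict[str, str] = {}

    def token_for(self, email: str) -> str:
        # HMAC-SHA256 with a secret key: without the key, tokens cannot be
        # recomputed from guessed addresses.
        return hmac.new(self.key, _normalise(email).encode(), hashlib.sha256).hexdigest()

    def pseudonymise(self, email: str) -> str:
        token = self.token_for(email)
        self.mapping[token] = _normalise(email)
        return token

    def reidentify(self, token: str) -> Optional[str]:
        return self.mapping.get(token)

    def erase(self, email: str) -> bool:
        """Right to erasure: dropping the link leaves any analytics rows
        keyed by the token unattributable to the person. Returns False if
        there was nothing to erase."""
        return self.mapping.pop(self.token_for(email), None) is not None


def pseudonymise_list(subscribers: List[dict], ks: PseudonymisationKeystore) -> List[dict]:
    """Return the copy of the list that the mail-statistics side may keep:
    the direct identifier is replaced by the token, other fields are unchanged."""
    out = []
    for rec in subscribers:
        rec = dict(rec)
        rec["subscriber_token"] = ks.pseudonymise(rec.pop("email"))
        out.append(rec)
    return out


def unkeyed_hash(email: str) -> str:
    # The common mistake: a plain SHA-256 of the address. It is deterministic
    # and has no secret, so it is reversible by anyone who can guess addresses.
    return hashlib.sha256(_normalise(email).encode()).hexdigest()


def dictionary_attack(tokens: List[str], candidates: List[str]) -> Dict[str, str]:
    """What an attacker holding the 'anonymised' export plus a list of guessed
    or leaked addresses can do. Returns token -> recovered email."""
    lookup = {unkeyed_hash(c): c for c in candidates}
    return {t: lookup[t] for t in tokens if t in lookup}


if __name__ == "__main__":
    ks = PseudonymisationKeystore()
    stats = pseudonymise_list(SUBSCRIBERS, ks)
    guesses = ["alice@example.com", "bob@example.org", "mallory@example.com"]
    print("keyed tokens recovered:", dictionary_attack([r["subscriber_token"] for r in stats], guesses))
    print("unkeyed hashes recovered:", dictionary_attack([unkeyed_hash(r["email"]) for r in SUBSCRIBERS], guesses))
    ks.erase("alice@example.com")
    print("after erasure:", ks.reidentify(stats[0]["subscriber_token"]))
```

The design point is the separation: the statistics table never stores an address, and erasing a person means deleting one row from the keystore, after which their token is just an opaque string. Note that a later retention clean-up should still delete the statistics rows themselves once they are no longer needed.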