You’ve got… what?

Gladly, GDPR (General Data Protection Regulation) is going to replace the old piece of a bill. It’ll protect and empower all EU citizens data privacy and reshape the way organizations across the region approach data privacy. If you haven’t heard about it yet, you’re probably wondering about all the what’s and how’s. Without further ado…

What is personal (and non-personal) data

A good question, which I probably should have led with. Well…

Personal data refers to data which can be used to identify a living individual directly or indirectly. On the contrary, non-personal data describes information which is anonymous and can’t be used to track a person.

Examples of personal data your business might collect are:

Examples of non-personal data your business might collect are:

How to make your business compliant

Run an audit

You can’t move forward unless you define how much of personal and non-personal data you handle as a business. Therefore, the first step to making your business compliant is running a rock-solid audit. It’ll help you uncover all data processors, which then you can question whether they are needed or not. After all, the entire compliance is about proper spring cleaning and being aware of personal data you store and why. There’s no harm in that, right?

When you discover a new piece of data, ask yourself the following questions:

  1. What are you using the data for?
  2. Where is the data being stored?
  3. Do you still need the data? (no room for sentiments; get rid of as much as possible for your own convenience!)

Even though the audit sounds painful, it’s pretty much the most difficult and time-consuming part you’ll have to do on your way to becoming a better data protector (sounds like a superhero).

Update privacy policy page

By now you should have a pretty good understanding of what personal data you handle. It’ll allow you to craft an accurate privacy policy page (or update an existing one) to reflect your findings and reassure your visitors and customers that their personal data is in good hands.

Take a look at our privacy policy page if you need a template or hand-holding.

Make sure you answer the following questions:

I don’t process any data, but I use third-parties like MailChimp or Google which do

Even though most of those companies are based outside of European Union, they must comply with GDPR rules when dealing with EU based businesses. There’s nothing you have to do your end and they’re most likely already compliant with the new legislation. If not, they’ll soon be. It’s kinda a big deal, you know.

What have we done to be GDPR compliant

Being a web agency we process a plentiful of customers’ data including login credentials. That’s why we take security very seriously and we do our best to keep everything away from unwanted hands.

GDPR helped us to re-visit our internal processes, improve the way we store the data and ensure its maximum security.

Things we’ve done:

I said we were quite serious about it. Plus, who would have wanted €20,000,000 penalty?

Keep your website compliant

Whether you need to implement an effective cookie consent form or redesign your Privacy Policy, we’re here to help. Drop us a line to get started.

Originally published Mar 16, 2018 2:04:10 PM, updated January 12 2022.

Don't forget to share this post!

Google rating Schedule a call
Menu Scroll button