If you’re not GDPR compliant by now, you might be thinking it’s too late.
However, the reality is that it is never too late to comply: 25th May was the beginning, not the end, for GDPR.
Here are three things you need to do if you’ve not done them already…
- Update your privacy policy
You need to update your privacy policy so that it complies with the General Data Protection Regulation. This includes (but is not limited to):- Updating individuals on their rights, such as the right to be informed, the right to erasure and the right to restrict processing
- Detailing what type of information you collect
- Making clear how individuals can access their data and how much it will cost them to do so (clue: £0)
- Revise your approach to cookies
Your cookie policy must also be updated, as well as how you implement cookies. This includes:- Consent to cookies must be knowingly given, which means implementing or updating your current method for deploying cookies
- Details of each cookie must be communicated in your cookie policy
- Give users the ability to turn off or update their cookie preferences
- Update your database on these changes
You might be thinking that you can’t email your database to let them know about the changes you have made now the 25 May deadline has expired, but this isn’t the case. Whenever you make significant changes to your privacy policy, it needs to be communicated to your contacts as they will be the ones affected. After all, they have the right to be informed and if anything else, it’s just good manners!
If these three things are still on your to do list – we can help!Click here to find out how.