Update your policies
If you haven’t already, make sure all your relevant policies (Privacy, Cookie etc.) have been updated and are GDPR compliant by May 25th.
Understand consent when collecting data
Obtaining consent is key to becoming GDPR compliant. We’ve taken this as one of the most important overhauls in data policy changes. Power has now been placed back into the hands of the consumer, allowing them to choose who holds their data and giving them more understanding of how it will be used.
The user must always actively be opting in
The GDPR requirement states that consent must be “freely given”, so every option on a data-capture form must be selected by the customer and CANNOT already be pre-selected. It’s important to understand that rolling terms and conditions and consent into one jumbled tick box is not OK. Be clear by using a different tick box for each element to make sure your customers know EXACTLY what they are consenting to.
Opting in on a granular level
Opt-in forms must now have a stringent focus on consent, but to do this, companies need to be transparent. When you’re providing opt-in information, make sure you are listing the different ways the user’s data will be used. Be specific in stating how they will be contacted on a granular level, whether it’s by email, post, SMS etc., and for what type of communications, e.g. marketing communications.
It needs to be really simple and clear for customers to opt out as well as opt in. Remember, they have the right to withdraw consent. One way to avoid customers opting out is by NOT inundating them with marketing emails, as you may lose them forever. Make every message count.
Simply stating you use 3rd parties is not good enough anymore. If you are sharing any data with 3rd parties, this must be mentioned clearly either at the point of data collection or covered in your policies. Make sure you’ve also reviewed your 3rd party policies as well as your own. No more mysterious unnamed organisations.