For me, digital marketing was always the fun side of the business. The opportunity to express our brand creatively, meet new people, solicit feedback. The colours, the layouts, the strategies. These are all exciting to me.
Equally fun for me are the technical and legal disciplines. Great digital marketing agencies are well versed in many of them, including hosting, performance and security, as well as the legal side: CASL compliance, WCAG, local privacy laws, and so much more. One compliance term gaining attention in the marketing community is GDPR, and it can impact your business.
What is the GDPR?
GDPR stands for General Data Protection Regulation and it represents changes introduced by the European Union to their data privacy laws. The regulation went into effect in 2018, and addresses concerns around data storage, accuracy, accountability, purpose and even storage limitation. GDPR also mandates organizational compliance, procedures and self-checks. To summarize, GDPR is about ensuring that you are accountable for the data people are entrusting to you and your business.
My business is in Canada. Does the GDPR apply to businesses in Canada?
GDPR will impact companies here in Canada as well. If you are a Canadian business and you offer goods or services to EU residents, and/or monitor the behaviour of EU residents within the EU (this could include internet analytics for behavioural advertising), and/or conduct business or market goods and services with, in, or to EU residents, then yes, this applies to you, and you need to read further.
Isn’t GDPR something my IT department will manage?
GDPR impacts the entire company. If you don’t properly address or prepare for it, you can face serious fines, business interruptions, or losses.
Important Disclaimer: We highly recommend working with a professional that is experienced in compliance matters to review your current process. Proper implementation can be complex and challenging and may require help from multiple subject matter experts, such as IT, Legal, Operations, HR and more. If you are concerned, please feel free to contact us and we’ll see what we can do about filling the gaps in your organization.
Here is your 12-Point Checklist to Help Prepare Your Business for GDPR
1. Raise Awareness
Ensure all members of your organization are aware of the new laws under GDPR and understand the impact.
2. Conduct Information Audit
Organise an information audit to document what personal data is held within your systems and files, where it is coming from and who you share it with.
3. Communicate Privacy Policy
Review your current privacy policy for any gaps and ensure it is easily accessible on all web properties.
4. Outline Individuals’ Rights
Check your procedures to ensure they protect all individual rights, including deleting data when requested.
5. Plan for Subject Access Requests
Complete an action plan for handling requests within the new timescales (30 days).
6. Conduct Data Processing Audit
Document a data processing audit, outlining the different types of data processing your organization performs and the legal basis for each.
7. Review Consent Procedures
Review how you are seeking, obtaining and recording consent, and whether changes are needed.
8. Safeguard Children’s Data
Consider whether you need a process to verify individuals’ ages or to obtain parental consent for children 16 years or younger.
9. Establish Data Breach Procedures
Ensure you have proper procedures in place to detect, report and investigate a data breach.
10. Adopt a Privacy by Design Approach
Familiarise yourself with how and when to implement Privacy Impact Assessments.
11. Designate a Data Protection Officer
Determine who in the organization will take responsibility for data protection compliance.
12. Determine International Data Authority
If your organization operates internationally, determine which data protection authority you come under.