By Chris Breaux
This post is sponsored by Gemserv.
GDPR has forced organisations around the world to overhaul how they handle data and carry out data collection. The regulation came into effect in May 2018 and targeted how businesses and the public sector handle the personal information of more than 750 million European citizens. For organisations that don’t comply, the impact could be huge fines so it’s important to ensure that your company is following the requirements closely. Here are some tools and tricks you can use to make quick progress with how your company operates in terms of its data protection policies.
Follow a Checklist
It can be daunting knowing where to begin with data protection and GDPR compliance, so a good starting point is to follow a checklist to ensure you don’t forget anything. There are compliance checklists you can find online to help you take a rigorous and thorough approach to tackling data protection.
Encrypt Your Site
Encrypting data is a great way of ensuring security and safety when inputting personal information online. Organisations should utilise SSL/TLS certifications to ensure that their sites are safe and protected from hacking and data breaches. Let’s Encrypt has an automated GDPR assessment tool which makes it possible to set up a HTTPS server and have it obtain a browser-trusted certificated automatically so sites are able to provide more security.
Updated Email Consent Forms
Even if you’ve not considered it for your own company, you’ll no doubt have received some sort of GDPR-related emails over the last year asking if you want to remain on different email lists for other businesses. In order to ensure that your own contact lists are compliant with the new ruling on consent and disclosure, it’s important to add a consent form for your site. MailChimp have data management tools and content form templates that you can use to help you verify consent from users.
Review the Data You’re Collecting
In order to make your data collection and storage more efficient going forward, a quick change you can make is updating the type of data you’re collecting. Is it all necessary or are there some elements that you could remove to not only make it easier to comply with GDPR but also streamline the data collection process? For example, for B2B marketing organisations, a full name, email and company name is usually sufficient.
Add a Pop-Up to Your Site