- Explain your lawful basis for processing personal information.
- State how long you plan to keep their data.
- Clearly explain that individuals have the right to complain to the ICO if they feel you are mishandling their data.
- Know, and be able to clearly show an individual, what personal data you have stored.
- Only collect data with the right consent to do so.
This covers a few of the main points for websites, but GDPR isn’t just about your cookies, your email newsletter or other parts of your content marketing funnel. You’ll want someone in the company who can monitor and be in charge of your GDPR/Data Protection and who understands all the systems you currently use to collect, store or process data.
GDPR is Complicated
Don’t worry if you find all of this confusing, complicated, or maybe even slightly over the top. The truth is, without getting a legal opinion, there’s no way to know for sure if you’re completely compliant. We recommend getting legal advice if you’re not 100% sure. It’s worth it in the long run. Even then, it’s tough to keep these policy pages on your website up to date, as you add new services like Google Analytics, Facebook Pixel, etc.
Even those who enforce GDPR are having difficulty keeping up with what needs to be done. I mean, after all, if they’re having trouble, what chance do the rest of us have, right?