We wrote a huge blog post about how to understand and prepare for GDPR. That blog post is longer than we usually write, and we wanted to do a condensed version to help people quickly get to the point of how GDPR impacts them, and know whether they are ready. If you need to know the basics, you should refer to the earlier, longer post about GDPR.
So with that said, here is a checklist that you should go through to understand whether you are ready for GDPR:
- Do you have a checkbox on all your forms that allows people to select an option that says “Do Not Keep My Data”?
- Does your website allow people to change their mind and withdraw consent?
- Are you aware that when personal data is obtained from sources other than the data subject, such as third-party data providers, you must provide some additional information about the data and its source? Refer to Article 14 if applicable.
- Do you have a checkbox or link on all forms on your website that allows people to consent with a “YES” or a “NO” to agree to data processing?
- Do you have a checkbox or link on all forms on your website that includes the date and time on which the consent policy was last updated?
- Do you have a checkbox or link on all forms on your website for “consent notes” (containing the purpose of data processing and a documented history of consent provided)? The value here should capture the purpose of capturing the data, the way the data was obtained, and any previous consent purposes.
- Do you have a checkbox or link on all forms on your website to “Correspondence Opt-Out”, letting people opt out of correspondence easily?
- Do you have a checkbox or link on all forms on your website to enable them to opt out of cookie collection or web tracking?
- Do you have a policy internally allowing people to tell you verbally that they opt out of tracking and communication if they don’t want communications?
- Do you have a policy internally allowing people to tell you via email that they don’t want communications?
- Do you have a policy internally allowing people to send you written communications in some form telling you that they don’t want communications via certain channels?
- Do you have a process for maintaining lists within your email system, CRM, and other databases to document preferences from individuals on whether and how often they want to receive information from you?
- Are you prepared to respond to individuals who request information to confirm that their data is being processed, and to respond within one month?
- Have you defined roles that define internally who has access to what data?
- Have you limited access only to those individuals who must have access to data?
- Are you prepared to review access regularly to make sure all data access is necessary and compliant?
- Are you storing data in an encrypted manner?
- Do you have a “hover” feature on your website that explains further details about how data is being used, and the definitions you adhere to? For instance, a hover field that allows people to know what they are agreeing to if they check the box next to “Do Not Keep My Details”?
- Do you have an “Email Subscription Center” that lets people specify exactly what they receive from you, how often, and whether they want to opt out?
- Do you have a link that allows people to click “Opt Out of Website Tracking” in order to avoid things like retargeting and tailored ads in the future?
These are the 33 best questions we can come up with in order to help people know whether they are ready for GDPR, which takes effect on May 25, 2018, but we hope you do three things if you are still uncertain: (1) reach out to us by email to talk; (2) talk to your lawyer; or (3) read this more detailed post on what GDPR means in greater depth. We hope this is helpful as you get ready for the upcoming regulations!
We created Royku to train marketers in data-driven marketing.