GDPR in a nutshell | May 25th Aftermath...
The GDPR sets a high standard for consent.
Consent means offering individuals real choice and control.
Genuine consent should put individuals in charge, build trust and engagement, and enhance your reputation.
But you often won’t need consent. If consent is difficult, look for a different lawful basis.
- Check your consent practices and your existing consents. Refresh your consents if they don’t meet the GDPR standard.
- Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.
- Explicit consent requires a very clear and specific statement of consent.
- Keep your consent requests separate from other terms and conditions.
- Be specific and ‘granular’ so that you get separate consent for separate things. Vague or blanket consent is not enough.
- Be clear and concise.
- Name any third party controllers who will rely on the consent.
- Make it easy for people to withdraw consent and tell them how.
- Keep evidence of consent – who, when, how, and what you told people.
- Keep consent under review, and refresh it if anything changes.
- Avoid making consent to processing a precondition of a service.
This is a good thing, inside the European Community as well as outside (including the United Kingdom and any foreign countries).
So, before and after May 25th, what things had to be done, or must still be done, as priorities?
1. Execute your checklist
☐ Have we checked that consent is the most appropriate lawful basis for processing?
☐ Have we made the request for consent prominent and separate from our terms and conditions?
☐ Do we ask people to positively opt in?
☐ Do we avoid using pre-ticked boxes or any other type of default consent?
☐ Do we use clear, plain language that is easy to understand?
☐ Do we specify why we want the data and what we’re going to do with it?
☐ Do we give separate distinct (‘granular’) options to consent separately to different purposes and types of processing?
☐ Do we name our organization and any third party controllers who will be relying on the consent?
☐ Do we tell individuals they can withdraw their consent?
☐ Do we ensure that individuals can refuse to consent without detriment?
☐ Do we avoid making consent a precondition of a service?
☐ If we offer online services directly to children, do we only seek consent if we have age-verification measures (and parental-consent measures for younger children) in place?
2. Recording consent
☐ Do you keep a record of when and how you got consent from the individual?
☐ Do you keep a record of exactly what they were told at the time?
3. Managing consent
☐ Do you regularly review consents to check that the relationship, the processing, and the purposes have not changed?
☐ Do you have processes in place to refresh consent at appropriate intervals, including any parental consents?
☐ Do you consider using privacy dashboards or other preference-management tools as a matter of good practice?
☐ Do you make it easy for individuals to withdraw their consent at any time, and publicise how to do so?
☐ Do you act on withdrawals of consent as soon as you can?
☐ Do you take effective steps and avoid penalizing individuals who wish to withdraw consent (for example through loss of loyalty points, freemiums, etc.)?
Still unsure, or is your process incomplete? Get the help of professionals to maximize your compliance: Google Analytics, Facebook Ads, various platforms such as social media, SaaS, PaaS, e-commerce, social selling, Shopify, Amazon, eBay...
Send your business details to mybebeetv@gmail.com to get your process reviewed from every angle. (company|address|email|phone)
Comments
stephan metral 🐝 Innovative Brand Ambassador
5 years ago #10
Fede... Twitter isn't working?
Louise Smith
5 years ago #8
ATM I don't do business and deliver service within the European community borders. I hope to in the future, so thanks for your excellent advice.
Louise Smith
5 years ago #7
Thank you stephan metral 🐝 Innovative Brand Ambassador. Yes, I have an external hard drive, but very recently I can't access it on my computer. I have to check to see if it is encrypted. I don't store my information on a cloud. Yes, thank you, I need to have a data protection & privacy policy for my business. I will look into that.
stephan metral 🐝 Innovative Brand Ambassador
5 years ago #4
You are welcome, Louise Smith. To avoid the set of risks, quite a few solutions, from processes to software (+SaaS), can be very effective. I would say that rule #1 that applies is to have an external USB 3.0 SSD hard disk; then you should have encryption software on those detachable HDs, which you can store in a safe beside your computer system. If any online databases exist, my concern would be to empty them. You should also write down a data protection & privacy policy to apply to your business as well as any of your online services.