How Your Online Business Can Prepare for GDPR (in a Nutshell)

You might have noticed piles of mail from the services you use announcing new legalese. Unfortunately, there is little we (the services you use) can do to avoid that. Some of us try to be extra funny, some of us use it as an opportunity to look our best. Most of us aim to be helpful and just want to implement changes without disrupting the user experience too much. The truth is that the GDPR deadline is coming up, and we’re required to change some things. There’s no getting around it, so let’s spell out what this means for your online business.

What’s happening exactly?

About two years ago, the EU approved the GDPR (General Data Protection Regulation). This law protects end users and replaces separate privacy laws in EU member states. The enforcement deadline is the 25th of May 2018, which is just a few days away. The EU can charge offenders with heavy fines. So it’s understandable that some online businesses are getting nervous. In short, GDPR demands that businesses:
  • respect consumers’ right to privacy,
  • know what they are doing with user data,
  • are clear to users about what they are doing with this data.

What do you (as a business owner or marketer) need to do?

To respect consumers’ rights, you have to know what those rights are. Business owners (and marketers) should read and understand at least the GDPR key changes. To show that you know what you’re doing, you have to keep a record. The necessary complexity of this privacy administration varies with the size of your organisation and the types of data you’re processing. If you’re not sure, it is a good idea to consult with an expert. To be clear about what you’re doing, you need to ensure that your terms and privacy statements are up to date. Check out this GDPR Checklist for a full list of measures to implement.

The complicated bits…

A new right in GDPR is the right to be forgotten. This is often not implemented by businesses, so it requires some development effort. Consumers also have the right to access their data. This is sometimes a hassle if there is no export functionality in an application. As long as your user base is small, you could choose to manually perform these actions upon request. As long as these functions are easily accessible to the user, you are compliant. Many of Squads’ clients operate in the EU, so we have helped them with GDPR. We have GDPR-certified teams and a partnership with NORD Legal, a company that specializes in legal compliance for tech companies. Feel free to contact me if you want to learn more.