GDPR has been all over the news lately. The official start date is May 25th.
It’s a HUGE deal across the pond, but in the US, we’re just watching.
However, we went through this a few years ago with Google security, and I guarantee you the policy will filter into the US sooner rather than later.
Plus, the GDPR has some really good elements to it, so I’d suggest you start implementing pieces of it now and get ahead of the issue.
Key elements of GDPR:
- A plain, NO-BS privacy policy: The one we’ve been using with clients for years is still pretty solid. We’ve modified it just a bit for GDPR, but if you still don’t have a privacy policy, it’s time to get one ASAP.
- Check your web forms: Just because someone requests a consultation, you cannot just add them to your monthly email list. Make sure you only request the information necessary to process their request, and that you ask permission before adding a web lead to your email marketing lists.
- Having a data security policy: This is the biggie! Once you collect data from your website, where does it go? How is it stored? Who has access to it? How long is it stored? How is it updated?
The last piece is where the real liability lies, and unfortunately I can’t give you a template to stick on your website to solve that problem. That’s where your attorney or IT professional comes in.
And in case you’re wondering, I am not an attorney 🙂 So please take this email as simply a wake up call to address some important data issues in your business.
Please shoot me an email if we can help!