GDPR in a nutshell | May 25th Aftermath...
The GDPR sets a high standard for consent.
Consent means offering individuals real choice and control.
Genuine consent should put individuals in charge, build trust and engagement, and enhance your reputation.
But you often won’t need consent. If consent is difficult, look for a different lawful basis.
- Check your consent practices and your existing consents. Refresh your consents if they don’t meet the GDPR standard.
- Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.
- Explicit consent requires a very clear and specific statement of consent.
- Keep your consent requests separate from other terms and conditions.
- Be specific and ‘granular’ so that you get separate consent for separate things. Vague or blanket consent is not enough.
- Be clear and concise.
- Name any third party controllers who will rely on the consent.
- Make it easy for people to withdraw consent and tell them how.
- Keep evidence of consent – who, when, how, and what you told people.
- Keep consent under review, and refresh it if anything changes.
- Avoid making consent to processing a precondition of a service.
This is a good thing, inside European Community, as well as outside ( including the United Kingdom and any foreign countries).
So, before and after May 25th what things had or still must be done as priorities.
1. Execute your checklist
☐ Do we have checked that consent is the most appropriate lawful basis for processing?
☐ Do we have made the request for consent prominent and separate from our terms and conditions?
☐ Do we ask people to positively opt-in.
☐ Do we don’t use pre-ticked boxes or any other type of default consent?
☐ Do we use clear, plain language that is easy to understand?
☐ Do we specify why we want the data and what we’re going to do with it?
☐ Do we give separate distinct (‘granular’) options to consent separately to different purposes and types of processing?
☐ Do we name our organization and any third party controllers who will be relying on the consent?
☐ Do we tell individuals they can withdraw their consent?
☐ Do we ensure that individuals can refuse to consent without detriment?
☐ Do we avoid making consent a precondition of a service?
☐ If youyou offer online services directly to children, Do you only seek consent if we have age-verification measures (and parental-consent measures for younger children) in place?
2. Recording consent
☐ Do you keep a record of when and how you got consent from the individual?
☐ Do you keep a record of exactly what they were told at the time?
3. Managing consent
☐ Do you regularly review consents to check that the relationship, the processing, and the purposes have not changed?
☐ Do you have processes in place to refresh consent at appropriate intervals, including any parental consents?
☐ Do you consider using privacy dashboards or other preference-management tools as a matter of good practice?
☐ Do you make it easy for individuals to withdraw their consent at any time, and publicise how to do so.
☐ Do you act on withdrawals of consent as soon as you can?
☐ Do you do something effective & don’t penalize individuals who wish to withdraw consent? (like loss of loyalty points, freemiums, etc...)
Still unsure or uncomplete process? Get the help of professionals to maximize your compliance. Google analytics, Facebook Ads, various platforms such as social media, SaaS, PaaS, e-commerce, social selling, Shopify, Amazon, eBay...
Send your business details to mybebeetv@gmail.com to get your process reviewed from every angle. (company|address|email|phone)
Articles from stephan metral 🐝 Innovative Brand Ambassador
View blogSoy, o tal vez no, parte de las valiosas conexiones de su red de LinkedIn, pero soy un Open Networke ...
DURANTE TIEMPOS PANDÉMICOS, LO MEJOR QUE HACER ES PENSAR Y ESCRIBIR SUS PENSAMIENTOS, MÉTODOS Y PROC ...
https://bit.ly/2EnlvbP | I'm calling my 848 followers Bebee for a favor. I will start Livestream eve ...
Related professionals
You may be interested in these jobs
-
administrative assistant
Found in: Talent CA 2 C2 - 2 days ago
LINA CONSTRUCTION LTD. New Westminster, CanadaEducation: Secondary (high) school graduation certificate · Experience: 1 year to less than 2 years · Tasks · Arrange and co-ordinate seminars, conferences, etc. · Record and prepare minutes of meetings, seminars and conferences · Determine and establish office procedures and rou ...
-
Retail Store Department Head
Found in: beBee S2 CA - 3 weeks ago
The North West Company Artic Bay Arctic Bay, Canada Full timeRetail Store Department Head 62010Supervise staff, Hire and train or arrange for training of staff, Establish work schedules, Sell merchandise, Resolve problems that arise, such as customer complaints and supply shortagesEducation: Secondary (high) school graduation certificateEx ...
-
Elementary PHE Teacher
Found in: Adzuna CA C2 - 1 week ago
ApplytoEducation Chilliwack, Canada Part timeWho are you? You are a collaboratively minded, life long learner seeking to make an impact as an educator. · You are excited about the mission and vision of Cascade Christian School, to help our students explore their place in God's story by living with wonder, serving with purpo ...
Comments
stephan metral 🐝 Innovative Brand Ambassador
5 years ago #10
Fede...Twitter no functiona?
stephan metral 🐝 Innovative Brand Ambassador
5 years ago #9
Louise Smith
5 years ago #8
ATM I don't do business and deliver service within the European community borders. I hope to in the future so thanks for your excellent advice
Louise Smith
5 years ago #7
Thank you stephan metral \ud83d\udc1d Innovative Brand Ambassador Yes I have an external hard drive but very recently I can't access it on my computer I have to check to see if it is encrypted I don't store my information on a cloud Yes thank you I need to have a data protection & privacy policy for my business I will look into that.
stephan metral 🐝 Innovative Brand Ambassador
5 years ago #6
stephan metral 🐝 Innovative Brand Ambassador
5 years ago #5
stephan metral 🐝 Innovative Brand Ambassador
5 years ago #4
You are welcome Louise Smith, to avoid the set of risks, quite a few bunch of solutions from processes to software (+SaaS) can be very effective. I would say that rule #1 that applies is to have external USB 3.0 SSD hard disk, then you should have encryption software on those detachable HD that you can store in a safe aside your Computer system. If any online database exists my concern would be to empty them. You also should write down a data protection & privacy policy to apply to your business as well as any of your online services.
Louise Smith
5 years ago #3
Louise Smith
5 years ago #2
stephan metral 🐝 Innovative Brand Ambassador
5 years ago #1