Following on from my previous two videos, I've been working on the remaining parts of GDPR compliance for straightforward intuitive businesses.
It's clear that the GDPR is causing people a lot of stress; please don't lose sleep over this. Get it right but don't think there are going to be people breaking down your door at night if you aren't 100% right.
This isn't helped by people running around trying to make a quick buck. Most of the advice on the GDPR - particularly from people who claim to be legal advisers - is terrible.
Finally, it's also clear that I can't fit all this into a couple more videos! We like to keep videos under 10 minutes and certainly no more than 15 minutes. I thought this series would be 4 videos but it'll more likely be 8. Happy days!
Anyway, if you haven't signed up already and you'd like to know when the next videos are done, subscribe to this mailing list:
That list is just for GDPR videos, if you'd like to know about articles on this site generally, there's a mailing list sign up on the top right of this page.
Here's the link to my example Privacy Notice but please, write your own, in your voice.
Remember what's important is that this Privacy Notice reflects what you actually do. Don't buy something from a lawyer and throw it up on your web site, that's worse that doing nothing. Do your data inventory, and then turn that into human speak.
I mentioned an amusing policy on this web site. It is good to remember these Privacy Notice pages are meant to be human readable.
I mentioned Suzanne Dibble's video on having your address on your web site which is worth a watch if you're worried about this aspect.
I split out Cookies into a separate video to keep things digestible.
Broadly, if you don't have any funky "Social sharing" plugins and just use Google Analytics, you're fine. If you want to do more than that then you're going to have to do some work analysing what you have, and then managing cookie consent. I decided it wasn't worth the bother!
This page looks at Google Analytics and the cookie consent situation. Summary "Do we need to gain explicit opt-in from users if we use Google Analytics? - No, not for a standard implementation of Google Analytics. Google collects a lot of data from every visit / visitor to your website but it does not store any personally identifiable information."
I've got a couple of videos planned on:
- What you need to do for mailing list signup forms, order forms etc.
- How to handle Data Subject Access Requests ("DSAR")
I've realised that DSAR's are the biggest problem for people in the intuitive business, because it's a communication channel you have to have open by law, but that could also be mis-used by people desperate to get in touch with you. I think I've got a solution...
Then finally we'll get to how to improve your own information security which is relatively straightforward and well tested (it's just what we do at work) but will need a few videos on their own...
Also published on Medium.