How to make sure you are compliant
Our suggestion: Add a note to your subscription form pointing all your contacts to your Privacy Policy page, where they can learn about their rights in relation to their consent and collected data. On this privacy policy page, you will need to tell your users how they can access their data and how they can modify it. As of now, eFlyerMaker doesn’t allow users to see or modify their own data themselves; we therefore recommend that you refer to a DPO (Data Privacy Officer) in your privacy policy. Users wishing to know what kind of data you hold, or wishing to modify it, will have to contact this person.
Of course, this is relevant mostly for European contacts.
Fortunately, our subscription forms are built in a way that you don’t need to worry about the consent aspect of email marketing. Not only do we have 2 different checkboxes for consent and subscription, but we also have double opt-in, meaning that your contacts need to confirm their subscription in order to receive emails from your company.
Here are 6 steps to make sure your company is consistent with the GDPR:
- Name a DPO (Data Privacy Officer)
- Maintain a record of data processing and evaluate the impact of the GDPR.
  - Who: The actors responsible for processing the data.
  - What: The nature of the personal data being collected in your forms.
  - For what goal: Indicate why you are collecting this data and how you will use it.
  - How: The actions taken to process the data and to secure the process of collecting it.
  - Where: You must be able to identify where the data comes from and where it is going: transfers, the country and the host’s address.
  - Until when: Determine how long you will keep the data.
- Determine the actions with higher priority.
  - Such as: consent, respect for private life, the right to erase data and the right of users to transfer their data.
- Conduct an impact analysis to manage risks.
  - Such as: a study to determine the risks of potential non-conformity and how to improve your data processing so that it respects your users’ rights.
- Initiate the appropriate internal procedures.
  - Verify your technological capabilities and the training of your team.
- Keep proof of conformity on paper.