Disruptors Handbook
The Disruptor's Handbook 4 Step GDPR Guide
By Disruptors Handbook • Issue #94
Europe’s General Data Protection Regulation law (GDPR) comes into force on 25 May, 2018. So whether you like it or not, if you have European subscribers to your mailing lists, or if you do business with Europe, you have to prepare for it. Even in Australia
Yes, we know it’s a pain in the neck, so we are making it easy for you. Here’s our 4-step plan for what you need to do:
1. Implement appropriate technical and organisational measures for data protection. This means you have to have adequate security layers around any systems used for collecting personal details, including email addresses. Head to your site host and see what they have done to set you up for GDPR. GoDaddy, for instance, has done most of the work for you, particularly if you have a WordPress site. (And there’s always Cookiebot if you’re on a WordPress site but not with a site host that does these kinds of things for you.)
If you use a cloud-based (third-party) system, you have to check that it’s adequately secure. But that usually just means checking the sites themselves. Mailchimp, Google and Salesforce all have GDPR-ready processes and resources.
2. Update your data breach notification, privacy policy and cookies policy. Yes, this means you need to actually do stuff, but there are great templates (data notification policy / privacy policy / cookies policy) out there. Cookiebot has a compliance testing tool that can help check on your compliance. And many plugins do this for you, too.
3. Ensure your messaging includes instructions on how to manage personal information. This will appear on your privacy policy, but essentially you need to facilitate the capacity for individuals to request a copy of information you hold on them, as well as the capacity to have their data removed. It’s done via a Subject Access Request. Probably best to prepare your own form (like this one) and just create a link to it in the footer of your messaging. There’s even a flow chart you can use on how to respond to SARs. 
4. Do a regular security audit and keep records of those audits. The kind of documentation they are looking for looks like this one prepared by RapidFire Tools.
You can read more in the GDPR portal. But essentially, you just need to do it. It won’t take long, but with only three weeks to get compliant, it’s probably worth getting on to it if you haven’t already.  

For: Corporate Innovators
How to prepare for a new era in corporate culture
For: Your Crowded Diary
Leading Information Governance
For: Tech Entrepreneurs
Your data is valuable, but you’re never getting paid for it
For: The Global Executive
Bill Gates told Trump that being his science adviser is ‘not a good use of my time’ - The Verge
Reddit co-founder Alexis Ohanian on innovation, entrepreneurship, and defaulting to 'yes'
For: Innovation leaders
Disruptors Handbook

Latest news on corporate innovation and enterprise startups from the Disruptor's Handbook.

Level 4, 91 Campbell Street, Surry Hills, NSW Australia