The General Data Protection Regulation (GDPR) is an EU law that strengthens our existing data protection laws. It comes into force on May 28 2018.
The aim of GDPR is to ensure we treat people’s data with respect. You need to have a legal right to collect and process data. It needs to be stored in a secure, appropriate way. People need to be able to easily find out what data you hold on them. If they ask you to correct or delete it, you must do so promptly.
GDPR shouldn’t be a chore for most bloggers and digital influencers. It’s really about three key things:
1. Treat data with respect. Only collect what you need, and ensure it’s accurate, and that your data storage and processing is secure.
3. Review your IT arrangements so that you know all your computer systems are secure, including checking on any third-party services you use to store or process personal data.
A more in-depth explanation
- It’s not a cooked cake. GDPR is a new piece of EU law, but it’s going to be monitored by local organisations – in our case the ICO. With GDPR on the horizon lots of businesses are rushing to register with the ICO as “data controllers” to show their commitment to data privacy. This isn’t necessary if you only process personal data for “core business purposes of staff administration, marketing, PR and administration”. If you’re unsure if this exemption applies to you – take this quiz.
- You don’t need to rebuild your whole mailing list. One of the most common myths around GDPR is that you need to “re-permission” everyone who receives your emails to get their consent to continue mailing them. Nope. If you got opt-in consent in the first place, and have a clear “unsubscribe” option in your mailings, then you’re good to go.
- You may have legitimate interest to process data. If your business has a core activity that relies on processing personal data then this is considered allowable under “legitimate interest”. This is the basis under which our company will be operating, when processing influencer data, for example.
- Legitimate interest doesn’t cover direct marketing. So you may show a legitimate interest in contacting a mailing list with your latest blog post, but if you’re selling something directly then that’s not covered by legitimate interest.
- You’ll still get press releases and PR pitches: I’ve read that nobody will be able to send unsolicited messages after GDPR. Yes, PR agencies need to comply with GDPR. This means they’ll need to show they hold only appropriate data, and it’s up to date and can be deleted on request. But they’ll still be allowed to send you material providing they can demonstrate it’s potentially useful for you in creating online content (so it should be relevant and they may well request an update to your details).
- As a citizen you have more rights. As an individual, GDPR protects your data, so it’s not all about what you have to do. Under GDPR you can ask any organisation what data they hold about you, request amendments, or ask for that data to be deleted. Companies will be required to comply with such requests swiftly.
- Check in on your IT systems and processes. One of the key requirements of GDPR is ensuring that where you hold personal data, it’s collected, stored and processed securely. So make sure laptops are password protected, office doors (or filing cabinets) are securely locked, and computers have up-to-date security software installed. Consider moving your blog to HTTPS.
- Check out your suppliers. Think about all the third party sites where you might store personal data. Do you use third-party giveaway widgets? Have a hosting company? Use a cloud-based back-up service? Do a quick check on their sites for GDPR compliance. And don’t forget that you still need to ensure your systems protect that personal data when you’re accessing and viewing it via a third-party site or tool.
information via tots100.