GDPR Compliance 2020 Summary - 10 Steps in 10 Minutes to Avoid Fines - YouTube
Channel: Digitool
[0]
hey if you have data about your
customers employees or suppliers then
[5]
watch this video because a new law means
that you could be at risk at getting
[11]
fined 20 million euros marketing tools
that win you more work Digitool GDPR is a
[23]
new law that's coming into effect on the
25th of May 2018 this is gonna totally
[30]
change how we store and use data and
they're gonna be pretty strict on it you
[36]
could get fined up to 20 million euros
so make sure that you're doing
[41]
everything so that you're compliant with
GDPR the problem is that a lot of
[45]
information out there about GDPR is
vague and full of legal jargon and it's
[51]
confusing how do you know how to be
compliant with GDPR
[55]
luckily we broke it down into 10 tips
you need to know to make sure you're
[60]
compliant to all the new laws the reason
these new GDPR laws have come about
[66]
is because the last time data protection
laws were created was in the nineties
[71]
since then there's been a boom of
technology like things like the internet
[75]
and people feel that they've lost
control of how their data is being used
[80]
and stored so the GDPR laws are a
positive thing because they're allowing
[85]
the everyday person to take back control
of what data people have on them to make
[90]
sure you're compliant with GDPR the
first thing you need to know is what
[95]
data do you have on people and that
leads me to tip number one store all of
[100]
the data you have on your employees
suppliers and customers in an organized
[105]
fashion this is going to be helpful for
two reasons the first is that if a
[111]
person said hey business what
information do you have on me you want
[115]
to be able to get all of that
information to them as quickly as
[119]
possible and as accurately as possible
so make sure all the data you have is
[124]
organized so you can do that second
reason that's important is that if you
[128]
were to ever be investigated by the GDPR you want to make
[132]
sure that you're showing that you know
what data you have on everyone so store
[137]
it in a really organized way now what is
data well personal data is any bit of
[143]
information that you could use on its
own or with another bit of information
[147]
to identify a person so that's going to
include their name their phone number
[153]
their telephone number photos of them
their IP address make sure you know what
[158]
data you have on people and identify
what that is tip number two is to make
[164]
sure that data is safely secured so what
measures have you got in place to make
[170]
sure that nobody could leak hack or
misplace that data if you're storing
[176]
that data digitally what safety measures
could you put in place could the
[180]
information be up there in the cloud do
you have antivirus software on all of
[185]
your devices if any of your devices were
lost could you remotely wipe that data
[190]
so nobody could access it start thinking
of these things because you want to make
[195]
sure your data is always in safe hands
similarly if you have hard copies of
[200]
your data what are you doing are you
securing that safely is it locked away
[204]
is it in a fireproof box are you making
sure that no one could access that
[209]
information who shouldn't be you also
want to make sure you record in the risk
[213]
assessment so actually write down what
safety measures you've gone to to make
[219]
sure that data's safe
this is going to make sure everybody in
[223]
your team knows exactly what's happening
and should you ever be investigated
[227]
you're showing that you've already taken
necessary precautions tip three for
[232]
being GDPR compliant
don't hold on to data unnecessarily
[237]
so this is a big one that's coming to
their new laws you can't hold on to data
[242]
if you don't know what you're going to
do with it you need to be totally sure
[247]
of why you've got someone's name or
email address so don't hold onto data
[251]
just in case it might become handy in
the future
[254]
tip 4 is you want to have a really
clearly written fair processing policy
[260]
this is something you're likely to
already have in the form of a privacy
[265]
policy so something you might be
familiar with all it is is it's a
[269]
document that really clearly explains
what data you're going to be taking from
[273]
people and how you're gonna be using it
every time somebody hands over a bit of
[278]
data to you you want to make sure that
they have clear access to your fair
[283]
processing notice GDPR have asked that
this fair policy notice has no jargon
[288]
and legally and waffly bits in there
that could be ambiguous so start with a
[293]
blank piece of paper and just in
layman's terms say what are you gonna do
[298]
with that information when writing this
document here are some questions to keep
[302]
in mind what information is being
collected who is collecting it how is it
[308]
being collected why is it being
collected how is it going to be used who
[314]
will it be shared with what will be the
effect of this on the individuals
[318]
concerned is the intended use likely to
cause individuals to object or complain
[325]
tip 5 if somebody asks what information
do you have on me do you have a process
[331]
so that you can easily give that to them
so with the new law you have to be able
[335]
to supply people with what information
you have on them if they ask you have to
[340]
supply this information within one month
of them asking and you have to do it
[345]
free of charge so make sure you've got a
process in place so that you can quickly
[350]
get all the information you have on them
and send that over to them
[354]
tip six have a process in place where if
someone asks you to delete all their
[359]
data you can so if someone asks you to
delete all their data you have to
[364]
that's part of the new law so make sure
you know where all of the information
[368]
you have on them is so you can easily
wipe that now let's talk marketing and
[375]
how the laws are going to affect that
tip seven
[379]
allow people to positively opt-in to you
having their data and using it for
[384]
marketing purposes so what does this
mean it means that if you're going to
[388]
use someone's data for marketing they
have to take some sort of action to say
[393]
yes you can have my data and yes you can
use it for these reasons that's known as
[397]
positively opt-in it used to be the case
that you would go on to a website and
[402]
there would be a pre ticked box that
says yeah you can use my data for
[406]
whatever that's not the case anymore
people have to actively tick that box or
[412]
take another action some good examples
of getting people to positively opt-in
[416]
is having a tick box next to a contact
form that says yes you can use my data
[422]
and someone has to tick that or to have
a double opt-in this is when an email
[427]
comes through to their inbox that says
click this button to be part of our
[432]
mailing list or so that we can use your
information for X Y and Z if you're
[436]
collecting people's information in
person you could get them to sign
[439]
something to say that they're happy for
you to use their data in this way or you
[444]
could get them to tick a box that says
I'm happy for you to do this whatever it
[448]
is make sure that someone is taking an
action and you have evidence that they
[452]
did that tip eight try layered opt-in
forms this is something the GDP are of
[457]
simplifying with and something I really
like so they look a little bit like this
[461]
this layered opt-in form allows users to
have easy access to understand their
[467]
information and how it's going to be
used but it doesn't look messy instead
[471]
they can click on a button and delve
into more information if they'd like
[476]
about how you're going to use it tip 9
if you're using people's information to
[481]
send them marketing make it really easy
for them to opt out of it
[486]
if you're using emails you need to make
sure people can unsubscribe same with
[491]
things like text messages and call
services similarly if you're sending
[496]
people mail make sure that you're
writing something at the bottom that
[499]
tells them how they can stop receiving
this mail the information for opting out
[504]
should be really clear and really
obvious don't use any small print also
[508]
make sure you have a really strict
policy
[511]
on how you're gonna make sure someone
that opts out doesn't get any more
[515]
marketing materials from you this is
where you could really fall short to GDPR
[520]
law and get reported and that's when
them twenty million euro fines are gonna
[525]
come knocking at your door which we
don't want so you need that policy if
[529]
someone doesn't want to receive anything
anymore make sure everyone in your team
[533]
knows that and they're no longer receiving
it tip 10 is make sure all your team
[538]
know about the new GDPR laws I would
actually put this in an email again just
[545]
to show GDPR that you're being very
conscious of the laws train all of your
[549]
employees on everything we've spoke
about today because it's just as
[553]
important that they do it so your whole
business isn't liable to be extra safe I
[558]
would also appoint you or someone in
your team to be the data protection
[563]
officer and make sure you've got this in
writing this means that person is
[567]
responsible for enforcing all the tips
we've spoke about today giving one
[571]
person total responsibility means that
these tips are much more likely to get
[576]
enforced because there are checks and
balances in place in your business now
[580]
they're all the tips that you want to go
and implement straight away because
[584]
the 25th of May is coming
up soon but we've also been talking to a
[588]
lot of our customers about GDPR and some
questions just keep coming up time and
[592]
time again so let me try and answer them
for you now what if I want to buy data
[596]
how do I ensure that that is GDPR
compliant
[600]
great question well if you're gonna buy
data maybe like a big list of
[605]
everybody's email addresses or phone
numbers you need to make sure that the
[609]
person that you're buying that
information from has been GDPR compliant
[614]
you also need to make sure that every
single person on that list has actively
[619]
opted in to receive information or have
their data stored by a third party so
[625]
make sure you check with the person
you're buying this information from what
[629]
if I want to sell the business in the
future can I pass on the data I have on
[634]
my employees suppliers and customers to
the new business owner okay in this case
[640]
you want to have an assignment
within your fair processing notice the
[644]
assignment Clause should really clearly
state that if somebody else was to buy
[649]
your business the new business owner
will have all that data that you've
[653]
collected on someone they will then own
it and use it for the same purposes that
[658]
you have you also just want to make it
really clear to the new business owner
[662]
this is what we said we were going to
use the information for and you can't
[666]
use the information for anything else
unless you contact everyone again and
[671]
ask them to positively opt in what about
all of the existing data I have on
[675]
people can I keep this after the 25th of
May so when the new laws come in in May
[681]
you need to make sure that everybody
that you have information about is
[685]
consented to that your safest bet is to
contact all of your existing database
[689]
and just explain that the law is
changing and that they need to
[694]
positively opt back in to be able to
receive emails from you for you to
[699]
continue to have their data etc how you
choose to do that is totally up to you I
[704]
think the two easiest options is just
ask everyone to email you back saying
[709]
yes I'm fine with that or ask them to
click on a link that allows them to tick
[713]
a box to say yep I'm fine with all the
new laws changing and I'm fine for you
[718]
to still store my data so in short you
are going to have to contact everyone
[722]
and they are going to have to positively
opt back in for you to keep their data
[727]
and I hope you found these tips useful
if you've got any more questions comment
[732]
below and we will try and answer them to
the best ability we can also let me know
[737]
in the comments how you're getting ready
for the new GDPR laws and love to
[741]
hear more tips that we can share with
each other now small disclaimer all of
[746]
the information I've given today is
totally my interpretation of the
[751]
confusing legal jargon there is out
there about GDPR and on the ICO
[756]
website this is my interpretation
and I am NOT legally trained at all
[761]
so do go and do your own research
because the information I'm giving is
[766]
merely advice I'd also like to give
special thanks to Frank Claydon from
[770]
hybrid legal she's helped us put these
tips together and given a lot of her
[775]
expertise now it's taken me a long time
to put all these tips together so I'd
[779]
really appreciate you giving this video
a thumbs up because that means more
[783]
people on YouTube will get to see this
video and be able to be GDPR compliant
[789]
also if you could subscribe that would
be great because I literally do a happy
[793]
dance every time we get a new subscriber
so press subscribe give us a like and I
[798]
cannot wait to see you in the next video





