A Quick Overview of the last minute things you can do, to comply with the GDPR in the first stage

You are too late and you know it. GDPR will hit us all tomorrow night and there is nothing we can do about it. As most of us are struggling to implement the full scope of GDPR, I know that you are having trouble prioritizing as well. The fact of the matter is, you have got one days work left to meet the most important requirements.

When you are short on time, you’ll need to prioritize. Here are the five pragmatic things that I would do today; worry about the rest tomorrow.

Note: This list is for everyone, if you run a b2b or b2c company, you should implement these five things before the deadline.

(01) Single opt-in newsletter subscribers

Collecting new Subscribers in a double Opt-In Process is nothing new, however, many people still have active contacts in their mailings that were once registered in a Single Opt-In Process.

Create a Segment of Subscribers that have been added manually or that signed up in a single opt-in process. Inform them about the changes before the 25th; you are not allowed to send them emails after the deadline without their consent. Therefore it is incredibly important that you get that double opt-in before the deadline

(02) List all tools where data could be saved

You need to know and show your customers/clients/employees where data is saved. Once you have that list, google that company + gdpr or in German (DSGVO). You will find a form (or better to say a contract) that you will need to sign or get signed by your companies managing director.

A copy of that signed document needs to be sent back to the Tool and they will countersign the document and send it back.

Remember its not only about your customer’s data but also about the date from your client and employees. Here are some examples

  • Storing employee records on a third-party software
  • CRM Tool to keep your Sales Funnel up to date
  • Using Google Drive to store customer data

(03) Create a quick processing directory

As previously explained, the GDPR concentrates on personal data. Your employee and clients data are also protected by the regulations. In order to fully understand how your firm processes the data and who has access to that data, you need to create a processing directory.

Note: This directory should be thoroughly created and designed. Due to the little time you have, I will quickly explain how you can create a quick and dirty version.

Create an excel file and list all your departments in the first column. Afterwards fill every row with the following information about that department.

  1. Description of the categories of affected persons (Name, Adress, IP Adress, Biometric Data etc.)
  2. Recipients whom the personal data have been disclosed or yet to be disclosed (HR, Marketing, Sales etc.)
  3. Is the data being transferred to countries outside of the EU (yes/no)
  4. When will the Data be deleted (E.g. After the End of the contract)
  5. Scheduled deadlines for the deleting the various categories of data
  6. What security measure is in place  to secure named data (E.g. encoding, external VPN, alarm system, regularly change passwords, key management etc.)
  7. Why are you allowed to save that data (legal basis)
  8. Do any service provider store the data (third-party tools)

(04) Your Website

Every firm has a website and your website is the first address people will start checking if you are operating within the means of the GDPR.

1. Check if you comply with the Google Analytics (GA) regulation.

  • Check if you are IP Tracking is set to anonymized
  • If you haven’t been tracking anonymized IP Addresses, make sure to delete the Historical Data.
  • Update the privacy policy in GA
  • Make sure that visitors can opt-out of being tracked from GA

2. Set your privacy policy page to „no-follow“ and afterward check the content.

3. Check if you are embedding YouTube with the privacy option

4. Check if your social sharing buttons are integrated with the Shariff-Solution or 2Click-Solution

(05) Write down what you have done so far

Solid documentation is half of GDPR. Make sure that you write down exactly what you have done to meet all requirements and save that in one central folder. It’s important to show that you are proactive about complying the regulations. As stated in a previous post, only a handful of firms will be complying with 100%. To ensure that you will be compliant within the next few months, document every step of the way.

If you have any further questions about our quick-fix solutions, feel free to contact us. You are welcome to use the comment section to share other quick wins and solutions that can be implemented at the last minute.