Five last-minute things you must do today for GDPR

A quick overview of the last-minute things you can do to comply with the GDPR in the first stage

You are too late and you know it. GDPR will hit us all tomorrow night and there is nothing we can do about it. As most of us are struggling to implement the full scope of GDPR, I know that you are having trouble prioritizing as well. The fact of the matter is, you have one day's work left to meet the most important requirements.

When you are short on time, you’ll need to prioritize. Here are the five pragmatic things that I would do today; worry about the rest tomorrow.

Note: This list is for everyone. Whether you run a B2B or a B2C company, you should implement these five things before the deadline.

(01) Single opt-in newsletter subscribers

Collecting new subscribers through a double opt-in process is nothing new; however, many people still have active contacts in their mailings that were once registered through a single opt-in process.

Create a segment of subscribers that were added manually or that signed up through a single opt-in process. Inform them about the changes before the 25th; you are not allowed to send them emails after the deadline without their consent. Therefore it is incredibly important that you get that double opt-in before the deadline.

(02) List all tools where data could be saved

You need to know, and be able to show your customers/clients/employees, where their data is saved. Once you have that list, google each company's name together with "GDPR" (or "DSGVO" in German). You will find a form (or, better said, a contract) that you will need to sign or have signed by your company's managing director.

A copy of that signed document needs to be sent back to the tool's provider; they will countersign the document and send it back.

Remember, it's not only about your customers' data but also about the data of your clients and employees. Here are some examples:

  • Storing employee records on a third-party software
  • CRM Tool to keep your Sales Funnel up to date
  • Using Google Drive to store customer data

(03) Create a quick processing directory

As previously explained, the GDPR concentrates on personal data. Your employees' and clients' data are also protected by the regulation. In order to fully understand how your firm processes data and who has access to it, you need to create a processing directory.

Note: This directory should be created and designed thoroughly. Given the little time you have, I will quickly explain how you can create a quick-and-dirty version.

Create an Excel file and list all your departments in the first column. Afterwards, fill every row with the following information about that department.

  1. Description of the categories of affected persons and data (name, address, IP address, biometric data etc.)
  2. Recipients to whom the personal data have been or will be disclosed (HR, Marketing, Sales etc.)
  3. Is the data being transferred to countries outside of the EU? (yes/no)
  4. When will the data be deleted? (e.g. after the end of the contract)
  5. Scheduled deadlines for deleting the various categories of data
  6. What security measures are in place to secure the named data (e.g. encryption, external VPN, alarm system, regular password changes, key management etc.)
  7. Why are you allowed to store that data? (legal basis)
  8. Do any service providers store the data? (third-party tools)

(04) Your Website

Every firm has a website and your website is the first address people will start checking if you are operating within the means of the GDPR.

1. Check that your Google Analytics (GA) setup complies with the regulation.

  • Check that IP anonymization is enabled in your tracking code
  • If you haven't been tracking anonymized IP addresses, make sure to delete the historical data
  • Update the privacy policy in GA
  • Make sure that visitors can opt out of being tracked by GA

2. Set your privacy policy page to "nofollow" and afterwards check its content.

3. Check that you are embedding YouTube videos in privacy-enhanced mode

4. Check that your social sharing buttons are integrated with the Shariff solution or a 2-click solution
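As an added example (not code from the original post), the following JavaScript turns the four website checks above into a small offline audit that runs in Node. The tracking id, the sample page HTML and the cookie string are constructed samples; the list of social widget hosts is an illustrative assumption, not an exhaustive one. The configuration points referenced in the comments (`anonymize_ip` for gtag.js, `anonymizeIp` for analytics.js, the `youtube-nocookie.com` embed host and the `ga-disable-<TRACKING_ID>` window flag) are Google's documented mechanisms.

```javascript
// Added example, not code from the original post: offline audit helpers for
// the website checks in section (04). SAMPLE_HTML, the tracking id and the
// cookie strings are constructed; WIDGET_SCRIPT_HOSTS is an illustrative list.

// For reference, the real configuration calls that enable IP anonymization:
//   gtag('config', 'UA-XXXXXXX-Y', { anonymize_ip: true });   // gtag.js
//   ga('set', 'anonymizeIp', true);                             // analytics.js

// Check 1: does the page's inline GA snippet switch IP anonymization on?
function gaAnonymizesIp(pageHtml) {
  return /['"]?anonymize_ip['"]?\s*:\s*true|['"]anonymizeIp['"]\s*,\s*true/.test(pageHtml);
}

// Check 2: opt-out. analytics.js and gtag.js skip all tracking when
// window['ga-disable-<TRACKING_ID>'] === true. Persisting the visitor's
// choice in a cookie of the same name (set by an opt-out link) is a common pattern.
function gaOptOutKey(trackingId) {
  return 'ga-disable-' + trackingId;
}

function isGaOptedOut(cookieHeader, trackingId) {
  const wanted = gaOptOutKey(trackingId) + '=true';
  return cookieHeader.split(';').some(c => c.trim() === wanted);
}

// Run before the GA loader on every page; returns whether tracking is now disabled
function applyGaOptOut(win, cookieHeader, trackingId) {
  if (isGaOptedOut(cookieHeader, trackingId)) {
    win[gaOptOutKey(trackingId)] = true;
  }
  return win[gaOptOutKey(trackingId)] === true;
}

// Check 3: YouTube embeds should use the privacy-enhanced host youtube-nocookie.com
const YT_EMBED = /^(https?:)?\/\/(?:www\.)?youtube\.com\/embed\//i;

function toPrivacyEnhancedEmbed(src) {
  // Unmatched protocol group (protocol-relative URL) becomes undefined, hence the fallback
  return src.replace(YT_EMBED, (_, proto) => (proto || '') + '//www.youtube-nocookie.com/embed/');
}

// Check 4: a Shariff / 2-click integration loads no third-party widget script
// until the visitor clicks, so none of these hosts should appear in <script src>.
const WIDGET_SCRIPT_HOSTS = ['connect.facebook.net', 'platform.twitter.com', 'platform.linkedin.com'];

function collectSrcAttributes(pageHtml, tagName) {
  const re = new RegExp('<' + tagName + '\\b[^>]*\\bsrc=["\']([^"\']+)["\']', 'gi');
  const out = [];
  let m;
  while ((m = re.exec(pageHtml)) !== null) out.push(m[1]);
  return out;
}

function auditPage(pageHtml, trackingId) {
  const iframes = collectSrcAttributes(pageHtml, 'iframe');
  const scripts = collectSrcAttributes(pageHtml, 'script');
  return {
    gaAnonymizesIp: gaAnonymizesIp(pageHtml),
    gaOptOutKey: gaOptOutKey(trackingId),
    nonPrivacyYoutubeEmbeds: iframes.filter(s => YT_EMBED.test(s)),
    thirdPartyWidgetScripts: scripts.filter(s => WIDGET_SCRIPT_HOSTS.some(h => s.includes('//' + h + '/'))),
  };
}

// Constructed sample page: GA without anonymization, a plain YouTube embed and a
// directly loaded Facebook SDK, i.e. three findings for the audit to report.
const SAMPLE_HTML = `
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-0000000-1"></script>
<script>gtag('config', 'UA-0000000-1');</script>
<iframe src="https://www.youtube.com/embed/EXAMPLE_ID" allowfullscreen></iframe>
<script async src="https://connect.facebook.net/en_US/sdk.js"></script>
`;

const report = auditPage(SAMPLE_HTML, 'UA-0000000-1');
console.log(JSON.stringify(report, null, 2));
```

Running the file prints the report for the constructed page: `gaAnonymizesIp` is false, the YouTube iframe is listed under `nonPrivacyYoutubeEmbeds` and the Facebook SDK under `thirdPartyWidgetScripts`. Pointing `auditPage` at a real page's HTML gives you the same three findings for the points the checklist above asks about; `applyGaOptOut` is the piece that belongs in the page itself, ahead of the GA loader.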

(05) Write down what you have done so far

Solid documentation is half of GDPR. Make sure that you write down exactly what you have done to meet all requirements and save it in one central folder. It's important to show that you are proactive about complying with the regulation. As stated in a previous post, only a handful of firms will be 100% compliant. To ensure that you will be compliant within the next few months, document every step of the way.

If you have any further questions about our quick-fix solutions, feel free to contact us. You are welcome to use the comment section to share other quick wins and solutions that can be implemented at the last minute.

My View on the General Data Protection Regulations

Only a few Days left until the General Data Protection Regulations kick in

In a few days, everyone will feel like they have graduated from college again. The time to implement the General Data Protection Regulation (GDPR), also known as the "Datenschutzgrundverordnung" (DSGVO), will end at 11:59pm. Many firms are waiting until next week to start with the first implementation, some have been working on it for months and some people will finish just in time. I guess nothing has changed since college.

If you run a data-heavy business or are part of a larger corporation, you are most likely part of the group of people that don't have to worry too much anymore. Your lawyers notified you two years ago that changes were coming. However, most people are not prepared, and even if you are prepared, you are still worried about whether you comply with all the rules that have been set.

At this point, it is important to inform you, that most likely only a handful of firms will be complying with the GDPR to 100%.

Who is affected by the GDPR / DSGVO?

Everyone who interacts with the personal data of European citizens has to comply with the regulation. Many people are confused by the term "personal data" and believe that it focuses on consumer or customer data; this is not true. Information about your employees, service partners and logistics partners is also personal data. Meaning, whether you are currently a one-man-show startup or a 200-employee business, you have to comply with the GDPR in one way or another (B2B or B2C in the EU).

The easiest way to put it: if you are hosting a website for your business and you have traffic coming in from EU citizens, you are subject to the GDPR.

Help! What can I do?

First of all, breathe and remember that you are not alone. When you wake up on the 26th of May, you won't get a phone call from your lawyer letting you know there is a 2.000.00 € lawsuit coming your way.

At this point in time, you will most likely not be able to implement every change if you haven't started yet. However, you are able to set the foundation for your further efforts. There is enough information online for everyone to read for the next few years. Inform yourself about the fundamental changes and what you can do to take the first steps.

The two biggest tasks for firms:

  • Make a list of every department, what data they work with, how they work with the data, who has access to that data and what measures have been taken to secure that data.
  • Make a list of the service providers you work with that store personal data of you, your consumers, your employees or anyone else, and ask them what you need to do.

The key aspect is to show effort this late in the process. If your firm is not yet complying with all regulation, take the needed measures to build the needed foundations and build from that.

This is just crazy!

The changes brought by the GDPR / DSGVO are designed with Facebook and Google in mind, and this can be frustrating for a lot of firms. However, if we are being honest with ourselves, the basic principles and the idea behind them are way overdue, and the reasons for that have been visible in the news for the last months.

Still, I believe that many principles of the regulation cannot be implemented in every market. Two key design flaws of the regulation are that it does not differentiate between B2B and B2C markets, and that it treats every piece of personal data as if it required White House-level security.

Say, for example, you are visiting the biggest fair for your market and you ordered 200 brand new business cards to hand out over the next few days. At the end of the two days, you have handed out most of your business cards and are holding almost 200 new ones. Back in the office, you will upload all the new contacts into your sales software to follow up on the conversations you had. However, before you are able to follow up, you will need to send each business card owner a formal email notifying her or him that their contact information is now stored in your systems and that, if they want to opt out, they can do so by contacting you. After you have written this email, you will have received 200 emails notifying you as well that your contact information is now stored in their systems.

Whoever doesn’t know that their contact information is stored somewhere after handing it out, should not hand out business cards at all. You shouldn’t need to notify them about saving the contact information.

Therefore I believe that the current regulation will not stand as it is today; change will come in the near future. Despite that, firms will need to take action, and we will all learn more about data privacy than we did in the past 10 years.

I want to know more about the GDPR / DSGVO and I have some questions.

We have worked closely with our clients to prepare them for the regulation changes. During that process, we have gained interesting and powerful insights.

If you are looking for a young and energetic group of entrepreneurs to help you out, we would love to get in contact with you and help you.

We are not lawyers but we can share some of our insights and take a look at your current organizational situation – from a purely pragmatic point of view. A fundamental view of your structure and a list of your highest pain points is the first step into a GDPR / DSGVO friendly life.

No one will be done on the 25th of May, and even if you believe you are, the GDPR doesn't stop after that date. It's at that point in time that the GDPR will take real effect on your business. You need to be able to understand the regulation and its implications for new processes within your company.


A sign that none of the regulators ever developed a digital product is setting the go-live for a Friday evening, just so that the problems can come flying in first thing on Saturday when no one is working. If you have ever launched a digital product on a Friday, you will know what I am talking about.