At last, I finally get it. No legal jargon. No meaningless fluffy overviews. Just the practical steps, in real terms, of what I need to do to be GDPR compliant. Brilliant! Thank you sooooooo much. Have shared on Facebook with all my friends and business owners.
Thank you so much for this useful guide! I have been researching for weeks and it's lovely to see it all put together in tips like this. Clear and easy to understand. Very much appreciated from a small business owner! :)
Love it, people are literally being SCARED out of business because of this stuff, you make it all sound simple which is GREAT! Shared your video with my 18,000+ FB group members just now to help them (and you) out :) Thanks!
I was wondering what GDPR actually was. 13 minutes later, with simple and clear words ..I really feel I do. That was brilliant. Summing up all this in such a short time, making it understandable by anyone. Great work there !
GDPR was confusing for me but your explanation made it easy to understand and to act upon. Definitely, one of the best explanations I came across ever.
Thanks this has saved me as I love watching videos instead doing all the reading to research what I need to do. You are very good at this. It is clear, well thought out, easy to understand, helpful and super informative. I feel really confident about what to do so thanks again.
Absolutely superb. Easy to understand with no Jargon. As a very small business i am now confident that i can meet all GDPR principles. Thank you very much.
Great work, really. Within my research for GDPR, this was the 1st video that was not just saying a few (general and confusing) things about GDPR, only to continue with promoting a product or service. Many thanks ..
Thanks for taking time out to leave such lovely feedback George :) Not here to promote anything, I just did the research for our own business and felt I could save people some time by explaining what I had learnt along the way. Daisy :)
Thanks for the lovely comment, compressing the info into something that was easy to understand took a lot of late nights, coffee and pizza deliveries :)
Daisy, thank you for inviting us to post questions. I do have one. I own a small company, that provides services to "Individual Professionals" (like a lawyer, or engineer) and "Companies" ONLY. I am talking about "Legal Entities" with Tax books, that must provide their VAT number, in order to accept an Invoice (not a simple Receipt). I have nothing to do with Retail market, I cannot sell anything to a "Person" (my Tax books, do not allow me to). The only data I keep about my Customers & Suppliers, is their "Tax data", the ones needed to issue or accept an invoice. The only "persons" I communicate with, are the employees of my Suppliers and the employees of my Business Customers (companies). The only data I have about them, is what is usually written in their Email signature (like Name, Job title, Email, Phone, Work address). The only way I use their data, is to communicate with them. I do no marketing at all, I do not collect any data from any source, I do not give any person's data to anybody. The ONLY "person" I deal with, is my 1 employee. His data, are provided only to my company's accountant. SO, the question is: Does GDPR "touches" my company ? Thank you.
Hey George, Great question! So, yes GDPR does affect your company but don't worry there isn't too much extra work to do! You will still have to take necessary precautions to make sure that data is safe and couldn't be misplaced or stolen. You will also need a system in place in case someone requests what data you have on them (this doesn't need to be anything too advanced, you just need a very clear idea of ALL the information you have on a customer so you can give that to them should they ask for it). I would consider putting all the GDPR marketing provisions in place (such as a privacy policy and opt in form) JUST IN CASE you want to market to your customers in the future. You don't have to send them any marketing but, I'd rather have the provisions in place than realise you want to market to them later down the line and realise you can't. Hope this helps! Daisy
Thank You Digitool for putting together this great video for all of us that are still currently baffled by what to do next to prepare for GDPR! The video really brought back memories of when I was a Health and Safety Officer in corporate retail! The terms are different, but the logic and processes are basically congruent with each other. The amount of clarity you shed light on is incredible, and I absolutely love the small Q&A for real business situations! I've shared the video on my FB and LinkedIn, I'll be sure to target any further questions back to your site. Thanks again for the awesome video!
Tip 6 depends on who is collecting your data and for what reason, if you have entered into a contract with a financial services firm, they would normally need to hold onto the information for at least 6 years (for some pension transfers for your whole life), so that they can defend themselves against a claim for financial mis-selling. The law may also instruct the firm to hold onto personal data, such as HMRC etc. So the answer is no, there is no blanket requirement for a company to destroy your personal data. If depends.....
#GDPR is all about assessing the risk to data subjects. GDPR compliance is a continuous process. The worst thing organisations can do is not do anything at all! Good points raised in this video! However, it is the ICO (Information Commisioner's Office) that is the supervisory authority (SA) in the UK. They investigate GDPR compliance. ICO guidance and advice is the best to follow. (2:08)
Great video and tips, tks! Not sure if you are aware of, GDPR rules in Brazil will be effective on February 16, 2020. Basically, it is a ctrl C/ctrl V version of the EU GDPR rules, so we are trying to understand it from the very beginning.
Student doing aproject on an insurance firm here and wasn't quite up to date with that GDP Regulations nitty gritty thanks for putting me up to date ;)
1. Organise your data 2. Make sure data is secure 3. Don't keep data unnecessarily 4. Write a clear fair processing notice 5. Have a process for providing the information you have on a person 6. Have a process for deleting data 7. Allow people to "postively opt in" to you storing their data 8. Try a layered optin form 9. Make it easy to opt out 10. Make your team aware of the new GDPR laws
Interesting and informative. I work with a charitable foundation and keep information on our volunteers. These are not employees and they don't sell anything. We also have patients that we deal with . It would be interesting to know what to do about their records.
Another example of when consent goes too far in our society honestly. Legitimately GDPR is taking huge amounts of advertising opportunities away because we now have to be like "Are you sure, are you sure you're sure? Are you REALLY SURE?" I mean come the heck on. Meanwhile I receive robocalls daily because our existing infrastructure can't stop those guys and I gave absolutely no consent to that. But yeah thanks for the clarification, it's definitely not a 2020 summary as the title says but this was very useful none the less.
what I personally believe is that these set of rules were aimed to control big companies behavior with data but the outcome was that these companies have huge number of lawyers and they can easily adjust to them. overall they got no major changes in their business. on the other hand, small and medium business will suffer complying with these rules and their job will more likely become very challenging. so as a result the rules served indirectly the big companies from any disturbing possibilities of new growing businesses.
The data deletion policy and procedures must also consider other applicable laws. In case of consent withdrawal, data processor shall stop processing this data for business purposes, but might be legally or regulatory required to keep this data for a period of time defined by a law or a regulation.
Very useful and well structured video. Thank you. However it’s worth pointing out that the need for customers to opt in to electronic marketing communications has been in place for 15 years! (Privacy and Electronic Communications Act, 2003). It’s not new in GDPR.
Absolutely Rachel! If someone hands a business card to you, that is an example of someone giving an 'opt-in' action to you having their contact details, however, if you want to use this person's information in another way ie. add them to your mailing list you will have to get them to 'opt-in' to that too and ensure they have access to you fair notice policy.
Thank you for the video. Two questions, first, what about emails you are finding on business or organisation's website or a leaflet. Doy you still ask them if they want to stop receiving emails from you? Obviously they want to be contacted! Second, what about old friends or groups of friends. Do I have to ask all of them too? Thanks.
Hi, I found your video extremely informative and well explained, thank you for that. My question is with regard to compliance by government bodies: is there mention of what government bodies can and cannot do with data it collects ? and are there consequences on it in the event of a breach by them ? Thank you.
But, unfortunately You haven't mentioned the situation, when i use cookies only to store a session number or something else strings of data, that has been saved only in order to help the user to not input this string again and again, when he/she's working with my website. And nothing personal data, nothing names, phonenumbers e.t.c. Just for a technical use. As i know, in that case, i do not need to inform about cookies saved at all. And You did not mentioned nothing about - can i use any code (javascript banner's code) i like, or i should only use a script banner code from an official GDPR approved services? Because, i'd write that code by self, in order to be more compact looking, and less annoying .
Very useful, but I have one question. What is the situation regarding invoice and transaction data in e-commerce? The obligation to keep these records for the tax authorities to inspect seems to conflict with the "right to delete". If a customer comes to me and demands that I delete all her invoices which government department wins or do they both fine me?
Hey Conrad, great question. My understanding is that you can keep these records but would delete the information needed to market to her. Although this is just my interpretation and I'm not legally trained, I'd double check this with the ICO helpline, I've found them useful. ico.org.uk/global/contact-us/helpline/ I've found them really useful at answering specific questions :) Hope this helps and let me know what they say! Daisy
Thank you so much for the enlightening the complex and confusing GDPR for us. I still have a question in relation to what is sensitive data and non-sentive data and what to do with non-sensitive data. "Explicit consent is required only for processing sensitive personal data - in this context, nothing short of “opt in” will suffice. However, for non-sensitive data, “unambiguous” consent will suffice". I am aware that for sensitive date the person has to actively opt-in. The information I have on my emailing list is the person's name and email only and only use this information to inform them of my work and never pass their information on to third party. If name and email address is non-sensitive data, would it be enough if I email everyone informing them of what information I have of them, that I use the information only for informing them of my work and nothing else, and under no circumstances any information will be shared with third party and if they do not wish to be part of this list they can unsubscribe at any time by clicking the unsubscribe button?
This is a very good and informative video and easy to follow. My main thought however is that most small businesses will only do the very basics. I cannot see sole proprietors and other small businesses writing out data security and data retention policies etc etc. My take from this is that as a basic minimum you need to contact everyone in your database and get their consent to keep the data and delete those that do not consent. The other really good point from this is to make sure the data you do keep is secure - for example if someone breaks into your business and steals the small file server you keep and the data is not encrypted you could get caught out quick easily. Overall great video - I wouldn't worry about the 20 million euro fines however as I think they will be directed at the big bully organisations out there that choose to flout the law.
A good video for sure and well put together, but I feel it would have been beneficial to talk about the lawful bases defined under GDPR for processing data - you talk a lot about getting consent from individuals to process their data, but that is only one of the six lawful bases we can use. I understand consent largely applies when it comes to marketing emails etc, but when an organisation has a specific purpose for processing a persons data, "legitimate interest" is often more suitable than consent, not to mention "legal obligations" when it comes to a persons data relating to contracts, pay or other relevant areas. I fear "consent" has become the go-to lawful basis, when it should only really be used when necessary. So long as your privacy notices and policy explain things clearly, person data can still be processed without consent when appropriate - you just need to make them aware through your privacy notice.
Hi, your tips are perfect! We're going to follow your checklist on our websites! Can you please tell me, do we need to make the same if we have an app in AppStore? We don't collect names and emails but we definitely use some ads and analytics tools....
nice video! But, I was wondering, what about "Goodbye E-mails"? They are automatically sent after someone unsubscribes, like a last ditch effort to try a persuade a subscriber to stay with us. Are those kind of emails "outlawed" now, after GDPR?
Thanks - that's the best explanation I've seen so far. Liked and subscribed :) Two questions - the ICO and the regulations say that the DPO must be qualified - but they don't seem to show the qualifications. Any ideas there? Also, some of our providers (such as our Content Delivery Network) have asked us to sign a DPA - while other providers have not. Should we be wary of those who have not asked?
I work for a business that sells home improvements, the data we have is used for guarantees, our guarantee is 10 years so we keep data for that long we also keep limited data to prove when the guarantee has ended, can someone ask for that data to be deleted? If so how do we prove when products were installed????
I am a startup and gathered about 80 email addresses which took about 2 days ..sent them an email...and several got back...saying you did not have my consent to contact me, I looked up gdpr and realised its pretty hardcore...now i have contacted a couple of the guys to take off my system and one of them is saying ...still not compliant..and he gives me a month to sort it out...so im in the shit on day one of my new business... im skint and the last thing i need is some guy hounding me and trying to put me out of business on day 2 because of a simple mistake and a single email. personally i think it is ridiculous. How am i meant to market new clients in this environment.
Really great video thanks! I have a question/observation on your last point about having an existing customers who are on an email newsletter opt in again. I am on probably 20+ lists, and I have not gotten a single request to opt in again (I live in the US), so are you sure about this requirement?
Excellent video. We are a small business and make print hard copies of the customer invoices, dispatch notes etc for accounting and audit purposes , under the new laws are we allowed to store these records and is there anything that we should be mindful of when maintaining these hard copy records . We also store the customer/ supplier details in our computers and servers should they be stored with password protection
Great stuff Daisy. I was checking it as well and I that found unzeenu.com Limited is the 1st company in the world to be GDPR compliant and was registered with ICO in the UK . Not really sure if google and facebook are still compliant 100%
Isn't tip 9 and 6 can contradicts themselves? If someone asks you to delete all the data you have on them (6) and to never contact them again (9)...you will have to record that this person does not want to be contacted again...which means you'll have data on them (the fact that they don't want to be contacted). Anyway, that law is a bit vague at times imo, but thanks a lot for the tips.
As a web developer I have watched 6 videos this morning trying to get an understanding of GDPR. This is by far the best one.
This has been more informative that the hour long webinar I did today. Thank you!
No worries Ben, always happy to help :) Daisy
At last, I finally get it. No legal jargon. No meaningless fluffy overviews. Just the practical steps, in real terms, of what I need to do to be GDPR compliant. Brilliant! Thank you sooooooo much. Have shared on Facebook with all my friends and business owners.
best video on gdpr so far, with just the right amount of details
Want to learn more about GDPR Compliance : stafftimerapp.com/blogs/gdpr-compliance-and-employee-data-monitoring
Thank you so much for this useful guide! I have been researching for weeks and it's lovely to see it all put together in tips like this. Clear and easy to understand. Very much appreciated from a small business owner! :)
Amazing information. Thanks so much, Digitool! First-time viewer and just subscribed, so enjoy your happy dance, Daisy!
Love it, people are literally being SCARED out of business because of this stuff, you make it all sound simple which is GREAT! Shared your video with my 18,000+ FB group members just now to help them (and you) out :) Thanks!
I was wondering what GDPR actually was. 13 minutes later, with simple and clear words ..I really feel I do. That was brilliant. Summing up all this in such a short time, making it understandable by anyone. Great work there !
GDPR was confusing for me but your explanation made it easy to understand and to act upon. Definitely, one of the best explanations I came across ever.
GDPR is a goldmine for we folks doing website maintenance. Keep it coming :)
Or lawyers
Thanks this has saved me as I love watching videos instead doing all the reading to research what I need to do. You are very good at this. It is clear, well thought out, easy to understand, helpful and super informative. I feel really confident about what to do so thanks again.
Absolutely superb. Easy to understand with no Jargon. As a very small business i am now confident that i can meet all GDPR principles. Thank you very much.
Excellent job, Daisy! After reading so many articles that only left me with more questions, this video made everything about GDPR "click".
Thanks Javier! And thank you for taking the time out to see the video.
Great work, really.
Within my research for GDPR, this was the 1st video that was not just saying a few (general and confusing) things about GDPR, only to continue with promoting a product or service.
Many thanks ..
Thanks for taking time out to leave such lovely feedback George :) Not here to promote anything, I just did the research for our own business and felt I could save people some time by explaining what I had learnt along the way. Daisy :)
You are awesome for taking this awful big information of gdpr and compressing it into a 13 min video... Thank you very much
U helped a looooooot
Thanks for the lovely comment, compressing the info into something that was easy to understand took a lot of late nights, coffee and pizza deliveries :)
Daisy, thank you for inviting us to post questions. I do have one.
I own a small company, that provides services to "Individual Professionals" (like a lawyer, or engineer) and "Companies" ONLY.
I am talking about "Legal Entities" with Tax books, that must provide their VAT number, in order to accept an Invoice (not a simple Receipt).
I have nothing to do with Retail market, I cannot sell anything to a "Person" (my Tax books, do not allow me to).
The only data I keep about my Customers & Suppliers, is their "Tax data", the ones needed to issue or accept an invoice.
The only "persons" I communicate with, are the employees of my Suppliers and the employees of my Business Customers (companies). The only data I have about them, is what is usually written in their Email signature (like Name, Job title, Email, Phone, Work address). The only way I use their data, is to communicate with them.
I do no marketing at all, I do not collect any data from any source, I do not give any person's data to anybody.
The ONLY "person" I deal with, is my 1 employee. His data, are provided only to my company's accountant.
SO, the question is: Does GDPR "touches" my company ?
Thank you.
Hey George,
Great question! So, yes GDPR does affect your company but don't worry there isn't too much extra work to do! You will still have to take necessary precautions to make sure that data is safe and couldn't be misplaced or stolen. You will also need a system in place in case someone requests what data you have on them (this doesn't need to be anything too advanced, you just need a very clear idea of ALL the information you have on a customer so you can give that to them should they ask for it).
I would consider putting all the GDPR marketing provisions in place (such as a privacy policy and opt in form) JUST IN CASE you want to market to your customers in the future. You don't have to send them any marketing but, I'd rather have the provisions in place than realise you want to market to them later down the line and realise you can't.
Hope this helps! Daisy
Thank you very much, George
No worries George, glad we could help :D
excellent. the best overview explanation I've seen!! super clear and enjoyable to watch. thank you!
Thank you for the lovely feedback Nancy, glad it was clear. Good luck with the GDPR changes and let me know if you have any questions :) Daisy
Nancy Preston hh
Yes, I agree, super healthy tips! Thanks!
Want to learn more about GDPR Compliance : stafftimerapp.com/blogs/gdpr-compliance-and-employee-data-monitoring
Thank You Digitool for putting together this great video for all of us that are still currently baffled by what to do next to prepare for GDPR!
The video really brought back memories of when I was a Health and Safety Officer in corporate retail! The terms are different, but the logic and processes are basically congruent with each other.
The amount of clarity you shed light on is incredible, and I absolutely love the small Q&A for real business situations!
I've shared the video on my FB and LinkedIn, I'll be sure to target any further questions back to your site.
Thanks again for the awesome video!
Tip 6 depends on who is collecting your data and for what reason, if you have entered into a contract with a financial services firm, they would normally need to hold onto the information for at least 6 years (for some pension transfers for your whole life), so that they can defend themselves against a claim for financial mis-selling. The law may also instruct the firm to hold onto personal data, such as HMRC etc. So the answer is no, there is no blanket requirement for a company to destroy your personal data. If depends.....
You got a true follower. Best content on GDPR so far. Thanks a lot sharing with us.
Well done. Learn so much about GDPR in a short time frame. Thanks!
Thank you! We're happy that you learned so much about it in a short time.
#GDPR is all about assessing the risk to data subjects. GDPR compliance is a continuous process. The worst thing organisations can do is not do anything at all!
Good points raised in this video! However, it is the ICO (Information Commisioner's Office) that is the supervisory authority (SA) in the UK. They investigate GDPR compliance. ICO guidance and advice is the best to follow. (2:08)
Best GDPR explanation in the shortest possible time! Great Job Daisy! 👍
Great video, we're going to show this to our employees.
Very nicely explained.
Useful video. Many thanks.
Thanks! Glad you enjoyed the video!
Great video and tips, tks! Not sure if you are aware of, GDPR rules in Brazil will be effective on February 16, 2020. Basically, it is a ctrl C/ctrl V version of the EU GDPR rules, so we are trying to understand it from the very beginning.
Student doing aproject on an insurance firm here and wasn't quite up to date with that GDP Regulations nitty gritty thanks for putting me up to date ;)
No worries - I'm so glad it can be useful. Good luck with your studies, Daisy
Very helpful to understand ...GDPR. Thank you!!
1. Organise your data
2. Make sure data is secure
3. Don't keep data unnecessarily
4. Write a clear fair processing notice
5. Have a process for providing the information you have on a person
6. Have a process for deleting data
7. Allow people to "postively opt in" to you storing their data
8. Try a layered optin form
9. Make it easy to opt out
10. Make your team aware of the new GDPR laws
This was very useful! Thank you for sharing all this info:)
Very detailed , wonderful. Thanks
Thanks! Glad you enjoyed the video!
Much clearer than anything else I have seen, thank you.
Not a problem Karen, so glad you found it useful :)
If you want to save your business from the fines regulated by EU GDPR then
CLICK HERE : bit.ly/2MbIchU
Want to learn more about GDPR Compliance : stafftimerapp.com/blogs/gdpr-compliance-and-employee-data-monitoring
Interesting and informative. I work with a charitable foundation and keep information on our volunteers. These are not employees and they don't sell anything. We also have patients that we deal with . It would be interesting to know what to do about their records.
Another example of when consent goes too far in our society honestly. Legitimately GDPR is taking huge amounts of advertising opportunities away because we now have to be like "Are you sure, are you sure you're sure? Are you REALLY SURE?" I mean come the heck on.
Meanwhile I receive robocalls daily because our existing infrastructure can't stop those guys and I gave absolutely no consent to that.
But yeah thanks for the clarification, it's definitely not a 2020 summary as the title says but this was very useful none the less.
This has been so informative on GDPR than any that i have yet to come across :-)
This is really helpful, summarizes the concept and tips are great as well.
Thank you Cynthia :) I appreciate the time you've taken to comment - that's so kind
what I personally believe is that these set of rules were aimed to control big companies behavior with data but the outcome was that these companies have huge number of lawyers and they can easily adjust to them. overall they got no major changes in their business. on the other hand, small and medium business will suffer complying with these rules and their job will more likely become very challenging. so as a result the rules served indirectly the big companies from any disturbing possibilities of new growing businesses.
Thanks for the easy to understand explanation and list, best one i've seen all day :)
very detailed and informative! thanks for this! SUBSCRIBED :)
terima kasih banyak atas panduan yg anda berikan semoga menjadi ilmu yg bermanfaat bagi saya
this was useful - thanks :-)
Glad it was helpful!
Brilliant! Just what I was looking for, many thanks very clearly explained.
Zest Virtual Solutions thanks so much for the comment :) so glad it could help you out. Daisy
thanks for summarizing it
X2 speed - much more entertaining & less boring +saves time
So if I get a speeding or parking fine through the post, I can phone them up and demand they delete all my data from their system?
Yeah, thats inaccurate. If there is a legal/regulatory basis for holding the data it can't just be 'deleted'
they would probably rely on a legal basis for processing like legitimate interest
The data deletion policy and procedures must also consider other applicable laws. In case of consent withdrawal, data processor shall stop processing this data for business purposes, but might be legally or regulatory required to keep this data for a period of time defined by a law or a regulation.
Àaaààààaàaà
A
Wow fantastic presentation we are undertaking a GDPR review with Deloitte but your explanation and examples are great.
Thank you for this helpful video on GDPR!
Glad it was helpful!
Fantastic video and very helpful! Good work done!
Very useful and well structured video. Thank you. However it’s worth pointing out that the need for customers to opt in to electronic marketing communications has been in place for 15 years! (Privacy and Electronic Communications Act, 2003). It’s not new in GDPR.
This is a brilliant video, thanks for taking the time to create it.
You must check unzeenu privacy policy. that is the best and simple one
Thank you! this was a big help!
Excellent presentation of GDPR overview. You made it look simple and enjoyable.
Glad it was helpful!
Great explanation and presentation! Thanks a lot! (you can do the happy dance now haha)
Great summary, thanks
Glad it was helpful! :)
Great structure of content throughout the video.
What will happen about business cards? can people still hand those out?
Absolutely Rachel! If someone hands a business card to you, that is an example of someone giving an 'opt-in' action to you having their contact details, however, if you want to use this person's information in another way ie. add them to your mailing list you will have to get them to 'opt-in' to that too and ensure they have access to you fair notice policy.
Sorry, all Verboten now!
If you meet someone and they're European, just run.
Thank you for the video. Two questions, first, what about emails you are finding on business or organisation's website or a leaflet. Doy you still ask them if they want to stop receiving emails from you? Obviously they want to be contacted! Second, what about old friends or groups of friends. Do I have to ask all of them too? Thanks.
MsMarchella sorry, but according to European regime laws, now everything is banned.
Very helpful, thanks for sharing
Clear video with good advice, thank you
Thanks for the kind words Sonia - so happy it was useful for you.
Daisy
I found this video very helpful. thank you very much
Thanks for the 10 useful tips given in the video.
Hope you get paid well, you should be an high court solicitor very helpful to everyone
Hi, I found your video extremely informative and well explained, thank you for that.
My question is with regard to compliance by government bodies:
is there mention of what government bodies can and cannot do with data it collects ? and are there consequences on it in the event of a breach by them ?
Thank you.
But, unfortunately You haven't mentioned the situation, when i use cookies only to store a session number or something else strings of data, that has been saved only in order to help the user to not input this string again and again, when he/she's working with my website. And nothing personal data, nothing names, phonenumbers e.t.c. Just for a technical use. As i know, in that case, i do not need to inform about cookies saved at all. And You did not mentioned nothing about - can i use any code (javascript banner's code) i like, or i should only use a script banner code from an official GDPR approved services? Because, i'd write that code by self, in order to be more compact looking, and less annoying .
Very useful, but I have one question. What is the situation regarding invoice and transaction data in e-commerce? The obligation to keep these records for the tax authorities to inspect seems to conflict with the "right to delete". If a customer comes to me and demands that I delete all her invoices which government department wins or do they both fine me?
Hey Conrad, great question. My understanding is that you can keep these records but would delete the information needed to market to her. Although this is just my interpretation and I'm not legally trained, I'd double check this with the ICO helpline, I've found them useful. ico.org.uk/global/contact-us/helpline/ I've found them really useful at answering specific questions :) Hope this helps and let me know what they say! Daisy
Thank you for this information, been a great help :)
I'm so glad it could be helpful Dawn, good luck with the GDPR changes and let me know if you have any questions! Daisy
Thank you so much for the enlightening the complex and confusing GDPR for us. I still have a question in relation to what is sensitive data and non-sentive data and what to do with non-sensitive data. "Explicit consent is required only for processing sensitive personal data - in this context, nothing short of “opt in” will suffice. However, for non-sensitive data, “unambiguous” consent will suffice". I am aware that for sensitive date the person has to actively opt-in. The information I have on my emailing list is the person's name and email only and only use this information to inform them of my work and never pass their information on to third party. If name and email address is non-sensitive data, would it be enough if I email everyone informing them of what information I have of them, that I use the information only for informing them of my work and nothing else, and under no circumstances any information will be shared with third party and if they do not wish to be part of this list they can unsubscribe at any time by clicking the unsubscribe button?
This is a very good and informative video and easy to follow. My main thought however is that most small businesses will only do the very basics. I cannot see sole proprietors and other small businesses writing out data security and data retention policies etc etc. My take from this is that as a basic minimum you need to contact everyone in your database and get their consent to keep the data and delete those that do not consent. The other really good point from this is to make sure the data you do keep is secure - for example if someone breaks into your business and steals the small file server you keep and the data is not encrypted you could get caught out quick easily. Overall great video - I wouldn't worry about the 20 million euro fines however as I think they will be directed at the big bully organisations out there that choose to flout the law.
you legit saved my life! thanks
Great video! You explained the law very well.
Will start writing the tax authorities and ask then to delete all my data 😂😂 Thanks for a great presented video 👍
Really helpful and clear. Thank you.
Glad to help Neil - good luck with the GDPR changes.
Great content and presentation - thank you
Really helpful, thanks.
Digitool,
We keep the info for 30 days max and then after we will remove it or unless they contact us to remove it for them.
Regards
Funfair Rentals
Succinct and clear. Thanks.
Very helpful 👍 thank you
just liked and subscribed. great tips.
Thank you!
A super explanation. very succinct. thanks
Great explanation, thank you for making this video so comprehensive! (GDPR is a scary unknown to me still!)
Thanks! Glad you enjoyed the video!
A good video for sure and well put together, but I feel it would have been beneficial to talk about the lawful bases defined under GDPR for processing data - you talk a lot about getting consent from individuals to process their data, but that is only one of the six lawful bases we can use. I understand consent largely applies when it comes to marketing emails etc, but when an organisation has a specific purpose for processing a persons data, "legitimate interest" is often more suitable than consent, not to mention "legal obligations" when it comes to a persons data relating to contracts, pay or other relevant areas. I fear "consent" has become the go-to lawful basis, when it should only really be used when necessary. So long as your privacy notices and policy explain things clearly, person data can still be processed without consent when appropriate - you just need to make them aware through your privacy notice.
Hi, your tips are perfect! We're going to follow your checklist on our websites! Can you please tell me, do we need to make the same if we have an app in AppStore? We don't collect names and emails but we definitely use some ads and analytics tools....
Thank You Very Much
Glad it was helpful! :)
excellent explanation
nice video! But, I was wondering, what about "Goodbye E-mails"? They are automatically sent after someone unsubscribes, like a last ditch effort to try a persuade a subscriber to stay with us. Are those kind of emails "outlawed" now, after GDPR?
Thanks - that's the best explanation I've seen so far. Liked and subscribed :) Two questions - the ICO and the regulations say that the DPO must be qualified - but they don't seem to show the qualifications. Any ideas there? Also, some of our providers (such as our Content Delivery Network) have asked us to sign a DPA - while other providers have not. Should we be wary of those who have not asked?
I work for a business that sells home improvements, the data we have is used for guarantees, our guarantee is 10 years so we keep data for that long we also keep limited data to prove when the guarantee has ended, can someone ask for that data to be deleted? If so how do we prove when products were installed????
Thank you for this video. Any GDPR changes (updates) till now?
thank you! well done. Keep up your work.
Great overview! Thank you for sharing. Sharing the video on Instagram ASAP!
Thank you Raquel, what is your instagram - we'd love to see and follow!
It's instagram.com/themightyfoxrocks. Please do, would love tag DigiTools on the post, and follow back of course!
Thanks Raquel - I've just seen that we have connected on Linked In :) Daisy
Great vid, however, the fines can go up to 24 million euros or 4% of the companies' annual revenue (Whichever is higher).
I am a startup and gathered about 80 email addresses which took about 2 days ..sent them an email...and several got back...saying you did not have my consent to contact me, I looked up gdpr and realised its pretty hardcore...now i have contacted a couple of the guys to take off my system and one of them is saying ...still not compliant..and he gives me a month to sort it out...so im in the shit on day one of my new business...
im skint and the last thing i need is some guy hounding me and trying to put me out of business on day 2 because of a simple mistake and a single email.
personally i think it is ridiculous. How am i meant to market new clients in this environment.
4320 Happy dances. You must be fit by now😂😂😂💃💃💃
PERFECT!
Really great video thanks! I have a question/observation on your last point about having an existing customers who are on an email newsletter opt in again. I am on probably 20+ lists, and I have not gotten a single request to opt in again (I live in the US), so are you sure about this requirement?
Excellent video. We are a small business and make print hard copies of the customer invoices, dispatch notes etc for accounting and audit purposes , under the new laws are we allowed to store these records and is there anything that we should be mindful of when maintaining these hard copy records . We also store the customer/ supplier details in our computers and servers should they be stored with password protection
Great stuff Daisy. I was checking it as well and I that found unzeenu.com Limited is the 1st company in the world to be GDPR compliant and was registered with ICO in the UK . Not really sure if google and facebook are still compliant 100%
Very clear explanation!
Very helpful Daisy. Thank you!
Phil! Thanks for watching, it wasn't as fun doing this video on my own! Hopefully see you soon :) Daisy
Isn't tip 9 and 6 can contradicts themselves? If someone asks you to delete all the data you have on them (6) and to never contact them again (9)...you will have to record that this person does not want to be contacted again...which means you'll have data on them (the fact that they don't want to be contacted).
Anyway, that law is a bit vague at times imo, but thanks a lot for the tips.