How To Be GDPR Compliant (Checklist Included)

Tools 5 minute read 11 October 2020 Series 1

On May 25th, 2019, the General Data Protection Regulation (GDPR) came into effect and represented one of the biggest changes to data law in recent memory.

As you’d expect, it also caused lots of confusion, panic and an undue amount of worry among businesses.

Like any big change, however, the devil is in the detail, and provided you know what your obligations are under the GDPR and proactively stick to them, you’ll be just fine.

3 GDPR essentials


The GDPR is a weighty piece of regulation, but you don’t need to read every page to understand what you need to do when it comes to protecting your customers’ data.

Before we provide the best GDPR checklist for your business, there are three elements of the GDPR which require the lion’s share of your attention.

1. Marketing opt-ins

This is where it all starts. When someone enters your mailing list or any other database where you’re storing their personal data, they need to have given you explicit consent - no shortcuts, confusing small print or tricks.

2. Storage of data

What are you storing? Why are you storing it? Is it easily accessible when a request for access arrives from an individual? It’s vital you have full visibility of the data you’re storing and make it clear what you intend to do with it.

3. Opting out

Losing email subscribers is never nice, but if they want to leave, you need to make it ultra-easy for them to do so. The ability to opt out of your database is equally as important as the transparency you offer when people opt in.

Your GDPR checklist


Ensure your privacy policy is up to scratch
- Work with a legal team to ensure it complies with GDPR guidelines
- Provide a “meaningful overview of the intended processing”, i.e. how you will use the data you collect
- Provide contact details of the data controller
- Identify any 3rd parties with whom you share the data
- Explain the retention period for data
- Give details on access to, deletion and correction of personal data by its owner
- Provide confirmation of the right to withdraw consent

Re-opt-in for existing databases
- Create a landing page for the campaign featuring an opt-in form (use the checklist below to create this form)
- Send the email campaign to existing contacts pointing to your new landing page
- Explain that you require their consent to continue sending them your updates and marketing messages
- Provide a clear way to unsubscribe if they wish

Opt-in for new contacts
- Adjust ALL forms on your website to include specific opt-ins
- Include explicit opt-ins on each form for all types of communication you undertake (e.g. newsletters, product updates, events, etc.)
- If you share data with 3rd parties, list who they are
- Implement dual opt-in, so new subscribers have to confirm their consent via an email link
- Add a link to your privacy policy on all forms
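The dual opt-in step above, as an added example that is not part of the original post: the confirmation link carries a signed, expiring token naming exactly the communication types the subscriber ticked, and only a valid click writes a consent record (with timestamp and scopes) that you can later produce on request. The signing key, the 48-hour lifetime and the in-memory consent log are assumptions for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time

# Hypothetical signing key for confirmation links; a real deployment loads it
# from a secrets store rather than generating it at import time.
SECRET_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 48 * 3600  # assumed: links stop working after two days


def _sign(payload: bytes) -> str:
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()


def issue_confirmation_token(email, scopes, now=None):
    """Build the token to embed in the confirmation email link. It carries
    the communication types ticked on the form (newsletter, events, ...), so
    the consent recorded on confirmation is as specific as the form was."""
    exp = (now if now is not None else time.time()) + TOKEN_TTL_SECONDS
    payload = json.dumps({"email": email, "scopes": sorted(scopes), "exp": exp},
                         separators=(",", ":")).encode()
    body = base64.urlsafe_b64encode(payload).decode().rstrip("=")
    return body + "." + _sign(payload)


def confirm_subscription(token, consent_log, now=None):
    """Handle a clicked confirmation link. Returns the consent record
    appended to consent_log, or None if the token is malformed, carries a
    bad signature, or has expired. Only a token we signed can add a record,
    so an edited or guessed link cannot sign someone up."""
    try:
        body, sig = token.split(".", 1)
        payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except (ValueError, binascii.Error):
        return None
    if not hmac.compare_digest(_sign(payload).encode(), sig.encode()):
        return None
    data = json.loads(payload)  # safe to parse: the signature matched
    confirmed_at = now if now is not None else time.time()
    if confirmed_at > data["exp"]:
        return None
    record = {"email": data["email"], "scopes": data["scopes"],
              "confirmed_at": confirmed_at, "method": "double opt-in"}
    consent_log.append(record)
    return record
```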

Storage and usage of data
- Make sure all data is held securely on servers which sit behind firewalls and enforce strict user access controls (be they on-site or in the cloud)
- Document who has access to the server and the access requirements
- Create a list of all types of personal information you store
- Create a list of who you share data with (if applicable)
- Write precise definitions of what you do with the data
- Provide clear notices on how long you keep the data
- Ensure data is quickly accessible by authorised personnel in the event of a data request from its owner

Unsubscribe links
- Add clear unsubscribe links to all email campaigns
- Use ultra-clear language (e.g. “Unsubscribe from our emails by clicking here”)
- Offer the ability to unsubscribe from particular lists (if applicable) or from all of them in one go
- Make sure unsubscribing is a one-click affair
