
New GDPR Regulations...how do I start to comply??

  • 25-02-2018 1:11pm
    #1
    Registered Users Posts: 3,492 ✭✭✭


    Hi all

    I have got landed to 'make us GDPR compliant for the 28th May 2018 deadline'.

    I know that this is all to do with protecting staff, customers etc data that we hold in the organisation.

    I know we haven't anything formal in place. And so I have been given the task of putting a Policy Document in place.

    This is all new to me and whilst the Co will send me on any courses I want ... am just looking here to see if any Boardsies have any links to any reading/templates/etc that I can read/use etc to bring me up to speed

    Many thanks


Comments

  • Registered Users Posts: 14,810 ✭✭✭✭jimmii


    Nightmare! What did you do to deserve that :eek:

    https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

    &

    https://www.eugdpr.org

    Are as good a place to start as any. Without knowing more about the way your company uses data it's hard for anyone to say what will need to be done.


  • Registered Users Posts: 10 Simonoconnor15


    Can anyone explain what this means for sending out Newsletters/sales emails to our database?


  • Registered Users Posts: 14,810 ✭✭✭✭jimmii


    Can anyone explain what this means for sending out Newsletters/sales emails to our database?

    It depends how you go about sending them. If you use Mailchimp then they should already have you covered in terms of permission etc. The main changes for you are what is considered consent for contact as it's tightening up a bit.


  • Registered Users Posts: 4,331 ✭✭✭Keyzer


    I'm afraid you are way too late to the party by about 2 years.

    GDPR is a mammoth in terms of its content.

    At this stage, if I were you, I would seriously consider engaging with a professional services company to help you on this. It won't be cheap but compared to the potential fines you may incur, it's money well spent.


  • Closed Accounts Posts: 5,108 ✭✭✭pedroeibar1


    It is very urgent (less than 3 months before implementation). You need to concentrate fully on it and nothing else in that period. Obtaining outside help depends on the size of the company and amount and type of data it holds. But you need to convince your boss that it is a major job / responsibility and not a 'just get it done' task. If yours is a big organization you should get expert advisors.


  • Registered Users Posts: 3,492 ✭✭✭Masala


    It is very urgent (less than 3 months before implementation). You need to concentrate fully on it and nothing else in that period. Obtaining outside help depends on the size of the company and amount and type of data it holds. But you need to convince your boss that it is a major job / responsibility and not a 'just get it done' task. If yours is a big organization you should get expert advisors.

    Jeez.... didn't realise that!!

    With the amount of projects on my plate at the moment... looks like I will have to bring in outside help.

    Any contacts for organisations who are in that business???


  • Closed Accounts Posts: 5,108 ✭✭✭pedroeibar1


    Masala wrote: »
    Jeez.... didn't realise that!!

    With the amount of projects on my plate at the moment... looks like I will have to bring in outside help.

    Any contacts for organisations who are in that business???

    Sorry, no. Talk to an industry group, or your local Chamber or your auditors for a lead.

    Your senior management needs to take this seriously, it's not just 'something' to shove onto a desk with the words "Get this done". It is a process that requires considerable work - for example what data do you hold? How did you obtain it? Under what conditions? Do you share it? (If so, you must ensure that the firm you share it with also is GDPR compliant.) What DP processes are in place? etc. etc. etc.

    There will be greater distinction between Data Controllers and Data Processors. While there already are statutory requirements in place, from end May the maximum fines will increase to €20 million or 4% of turnover.


  • Registered Users Posts: 3,492 ✭✭✭Masala


    €20m fine.....well that's us shutting up shop and 20 people on the dole.


  • Closed Accounts Posts: 5,108 ✭✭✭pedroeibar1


    Masala wrote: »
    €20m fine.....well that's us shutting up shop and 20 people on the dole.

    Data protection has been with us for about 20 years – you should (I hope) have a DP procedure already in place and it can be used as foundation to build on.

    The max fine is €20 million, the amount levied would depend on the severity of the breach and the size & type of business you are in. The DPC won’t give a fiddlers about jobs/company survival. Anyway, should the fine be so severe as to push the company under it would not mean 20 jobs gone, it would mean 19 jobs gone and one (the Data Protection Officer) probably in jail!

    This UK site is good/useful


  • Registered Users Posts: 67 ✭✭tarmon


    You could try Peninsula for external help. I'm not affiliated with them and I don't use them but I've heard that they can help with the GDPR.


  • Registered Users Posts: 2,705 ✭✭✭BrookieD


    Masala wrote: »
    Hi all

    I have got landed to 'make us GDPR compliant for the 28th May 2018 deadline'.

    I know that this is all to do with protecting staff, customers etc data that we hold in the organisation.

    I know we haven't anything formal in place. And so I have been given the task of putting a Policy Document in place.

    This is all new to me and whilst the Co will send me on any courses I want ... am just looking here to see if any Boardsies have any links to any reading/templates/etc that I can read/use etc to bring me up to speed

    Many thanks

    PM Sent


  • Registered Users Posts: 539 ✭✭✭Buttercake


    Terrible that your company have landed this on you with a month and a bit to go. There seems to be this "Ah sure it'll be grand" policy or wait and see what happens to someone else.

    There is no copy and paste template available as every business from the flower shop to the multinational is different in how they use and retain customer data.

    Do what you can do to bring your company up to date, I found this guide helpful:

    https://clientrol.com/2018/02/13/the-ultimate-gdpr-guide-including-templates-resources/


  • Registered Users Posts: 3,056 ✭✭✭sticker


    I have a small website development business - some of my sites have simple enquiry forms.

    How do I ensure enquiry forms are compliant with the new rules?

    Thanks


  • Registered Users Posts: 55,517 ✭✭✭✭Mr E


    For an enquiry and response, nothing really... If you're signing them up for a company "newsletter" as part of the enquiry process, you need to let them know up front and explicitly ask for consent.


  • Registered Users Posts: 118 ✭✭jacksn


    sticker wrote: »
    I have a small website development business - some of my sites have simple enquiry forms.

    How do I ensure enquiry forms are compliant with the new rules?

    Thanks

    You can add a double opt-in to the form so the user ticks to consent at the start of the form, then the fields appear for them to send the form data.

    Adding into the privacy policy what the form will be used for etc.


  • Registered Users Posts: 3,056 ✭✭✭sticker


    Quick query again on this if I have a standard enquiry form: Name, email, address and comments, what text do I need to have in the new tick box at the bottom before "submit"?

    "I consent to my submitted data being collected and stored" - ?

    and more importantly - Does this box need to be mandatory?

    Thanks!


  • Registered Users Posts: 2,705 ✭✭✭BrookieD


    sticker wrote: »
    Quick query again on this if I have a standard enquiry form: Name, email, address and comments, what text do I need to have in the new tick box at the bottom before "submit"?

    "I consent to my submitted data being collected and stored" - ?

    and more importantly - Does this box need to be mandatory?

    Thanks!

    What's the purpose for the following

    1) collection of such data? - are all
    2) processing of such data? - Who, how, why
    3) storage? - on a CRM in an Excel, how secure is your data
    4) will anyone have access to the data?

    Above will help with the answer you are looking for.


  • Registered Users Posts: 3,056 ✭✭✭sticker


    BrookieD wrote: »
    What's the purpose for the following

    1) collection of such data? - are all
    2) processing of such data? - Who, how, why
    3) storage? - on a CRM in an Excel, how secure is your data
    4) will anyone have access to the data?

    Above will help with the answer you are looking for.

    Sorry but it doesn't help me a lot honestly speaking -

    I'm asking if this text I proposed is satisfactory and if the tick-box needs to be mandatory or not....?

    It's a simple PHP form encrypted and sent to the client email - The responsibility is then with them regarding the data. I'm asking about the form on my side...


  • Registered Users Posts: 2,705 ✭✭✭BrookieD


    The only way to answer correctly is to know why you want to collect and use the data and store it, what is the processing, then form the right text for your opt-in - or just ignore the question you pose and make it up. Do you have processing logs for the collection of your data etc.? If you are reported for non-compliance you may be required to show these. It's a much bigger question than what text is correct.


  • Closed Accounts Posts: 422 ✭✭Vetch


    sticker wrote: »
    Quick query again on this if I have a standard enquiry form: Name, email, address and comments, what text do I need to have in the new tick box at the bottom before "submit"?

    "I consent to my submitted data being collected and stored" - ?

    and more importantly - Does this box need to be mandatory?

    Thanks!

    If it's just a straightforward enquiry form where someone can ask a question and is sent a reply, you don't need consent for this.

    If you were doing something like adding them to a marketing contacts list, then you would need a consent mechanism.


  • Registered Users Posts: 3,056 ✭✭✭sticker


    Vetch wrote: »
    If it's just a straightforward enquiry form where someone can ask a question and is sent a reply, you don't need consent for this.

    If you were doing something like adding them to a marketing contacts list, then you would need a consent mechanism.

    Very helpful - thanks! Is the text I suggested OK or do I need to add more if adding them to a marketing contacts list?


  • Registered Users Posts: 539 ✭✭✭Buttercake


    sticker wrote: »
    what text do I need to have in the new tick box at the bottom before "submit"? "I consent to my submitted data being collected and stored" - ?

    Yes in plain English or "I have read and agree to our privacy policy/terms of service" with a link to the page detailing the terms is always good.

    sticker wrote: »
    Does this box need to be mandatory?

    Yes if you want them to agree to your privacy policy/terms and not pre-ticked obvs.

    Good example on adverts.ie


  • Registered Users Posts: 3,056 ✭✭✭sticker


    Buttercake wrote: »
    Yes in plain English or "I have read and agree to our privacy policy/terms of service" with a link to the page detailing the terms is always good.


    Yes if you want them to agree to your privacy policy/terms and not pre-ticked obvs.

    Good example on adverts.ie

    Many Thanks!

