The deadline for compliance with the European General Data Protection Regulation (GDPR) is fast approaching, and it can be a bit stressful for any business that manages data.
After May 25, 2018, the way that you collect and store data may look completely different, and if you’re not compliant, you could face legal action and hefty fines.
To help find some clarity in the chaos, we’ve outlined a few tips our team is embracing to improve data management ahead of the GDPR deadline. *Note that the information contained should not be construed as legal advice, or as a recommendation of any particular legal understanding.
You should consult with your own legal counsel with respect to interpreting your unique obligations under the GDPR and the use of a company's products and services to process personal data.
Identify the data you collect, how you collect it, and where you store it.
Because GDPR may change the way you collect data, the kind of data you collect, and where you store it, it’s important to evaluate your current data management processes to determine if the changes apply. When identifying how your data management strategy might need to change for GDPR, keep these things in mind:
- Data transparency: When collecting data via a website form, organizations must obtain clear consent from an individual before collecting the data, and must also be transparent in how they will use that data.
- Data minimization: When collecting data under the GDPR, organizations are only permitted to collect data that is adequate, relevant, and limited to what is necessary for the intended purpose of collection.
- Data storage, security, and retention: Data must be stored in a secure manner and only shared or used for other purposes with the explicit consent of the individual. Additionally, organizations may only hold on to personal data for as long as is necessary to fulfill the intended purpose of collection.
Make it easy to opt in or opt out.
As noted above, GDPR mandates that any organization that wants to collect data from someone needs explicit consent from an individual to do so. This consent must be clear, in plain English, and "informed, specific, unambiguous, and revocable."
This might be a good opportunity to do some spring cleaning in your existing database. By sending out an email to your current contacts (before May 25, 2018) with a clear, unambiguous opt-in message, you can discover who’s still interested in receiving your content, and who’s not.
You may also learn that you’ve got some old or bad data in storage that needs to be removed (hey, it happens), like email addresses that are wrong or have changed, or contacts that disengaged long ago. GDPR provides the chance to ensure you have the data you need to make your business successful.
Prepare to provide new value to your contacts.
As complex as the GDPR can be to handle, the GDPR will raise the bar for companies engaging with their customers and prospects. At Skuid we'll be challenging ourselves to make our content increasingly relevant, creative, and interesting to our prospects.
We are looking at GDPR as a new opportunity–albeit, an involuntary one, to provide more value to our target audience and build greater transparency between Skuid and our prospects.
Rather than sending our content directly to spam folders across the globe, we are looking at this as an opportunity to engage with the people who are truly interested in hearing about our product or service. Remember, with no obstacles, there’s no innovation.
Skuid and GDPR.
For customers or prospects using Skuid to build apps that leverage all their data, Skuid is committed to keeping data safe. Because Skuid respects the native security for all data that is used, companies can use Skuid to innovate without risk. Want to learn more about how Skuid works? Request a free demo today.