
General Data Protection Regulation (GDPR) Cheat Sheet by Davidpol

marketing     direct     gdpr     eu     regulations     mailing     emailing

Introduction

The European Union agreed on a new privacy law, expected to set the worldwide standard for the collection and usage of data online. When the General Data Protection Regulation (GDPR) is passed, companies doing business in the 28 member states of the EU will have two years to shift their online strategies to accommodate opt-in and data transparency policies or face fines of up to 4% of their total revenues.

The new regulations will force online marketers to consider these critical points to be compliant by 2018.

1. Do a privacy assessment

Benchmark your current strategy against existing laws and best practices, build a business case for future investments, and present your new privacy initiative to your company's board of directors.

2. Hire a data protection officer

If one of your core activities is the systematic collection of personal data on a large scale, this is a must. Your DPO should partner with privacy peers to align controls and policies with an eye toward establishing privacy as a competitive differentiator.

3. Establish a breach notification plan

The law allows enterprises only 72 hours to issue notice of a significant data breach. It's tough enough to give proper notification to regulators, but tougher to communicate it in a sensitive fashion to customers. Plan for failure and be ready to leverage corporate communications and marketing staff, as well as third parties, to get the job done.

4. Reassess your outside data/analytics providers

Under GDPR, they too can be held liable for privacy violations. This changes the arrangement in two ways: they may charge more to allow for the costs of compliance, and they may need more visibility into your data, thereby exacerbating the risk of data leakage.

5. Know where all the data is

The GDPR's "right to be forgotten" clause gives users full access to and control of the data you keep on them. As a result, you have to know where personal data is at all times and be ready to delete it. Third-party contracts must also allow for immediate data deletion.

6. Think of the children

GDPR sets the age of digital consent at 16, though member states can decide to lower it to 13. What, however, will stop a 13-year-old from setting up accounts when visiting countries where they're digitally legal? Don't count on box-checking mechanisms to cover your liability here. Instead, institute initiatives to educate kids about privacy and security risks online.

7. Home in on the opt in

Plenty of companies have complied with opt-in rules set in the EU, but regulators continue to snare some not following the letter of the law. One issue to watch out for: failing to get user consent to share their data with third parties.

8. Be specific and hold to it

Be specific about why you are collecting a person's data and what exactly you'll do with it. For instance, if your privacy policy states that a resume submitted by a job-seeker will only be accessed by your recruitment team, be sure to revoke access when the process is at an end.

9. International data transfers remain a question

GDPR doesn't set new rules for international transfer of business data. While waiting on a new Safe Harbor agreement, U.S.-based companies should evaluate this situation on a nation-by-nation basis.

10. Procedures to disclose data to law enforcement

GDPR has a rule stating that data controllers cannot disclose data in its entirety and must notify the relevant data protection authority when a request is made. Concerned companies can use encryption and data masking to make data unusable, but it's essential that they manage their encryption keys properly.

Closing Remark

Another example of government creating regulations designed to drive small companies out of business. Many will not be able to afford the increased costs. Protecting consumers is important, but so is protecting small businesses. It is the government's responsibility to ensure that our networks are secure for everyone.
