The GDPR requires several key things from a company:
- Documented legitimate reasons to collect and retain customer data
- Obtaining consent (or permission at minimum) to collect and retain customer data
- Keeping customers informed of what data is collected, how long it is kept, and how it is used
- Allowing customers to exercise their right to be forgotten without jumping through hoops
- Making a “good faith” attempt to follow every detail of the GDPR
The GDPR places strict guidelines on privacy policies. First of all, the policy must be written in a straightforward manner, with no “legalese”. It cannot run on indefinitely with fine print that would take hours to read. Anyone should be able to read your policy quickly and walk away with a clear understanding of how your company handles their data.
Fourth, as you rewrite your policy, take stock of every privacy law you may be subject to. The GDPR is the most famous but is far from the only one. For instance, Canadian customers are covered by the CASL and Californians by the CCPA. Recently passed laws in Virginia, Nevada, and New York show that the rest of the country is following California’s example. Include clauses that address each of these laws and explain how you comply with them.
Data Privacy Best Practices
- Review the GDPR definition of “personal information”. You may be collecting too much or not properly handling what you already have.
- Focus on the customers’ best interests and consent rights, not yours. Your first priority shouldn’t be avoiding a lawsuit or fines for violating the GDPR. Your focus should be on keeping your customers happy with how you’re handling their data.
- Be transparent with your customers. Make it easy for them to find out what data is being collected and how you’re using it.
- Focus on data security. Privacy and security are related concepts, but they aren’t identical. Your customers’ data must stay safe while in your possession.
- Use privacy software that updates with new legal requirements. A flexible system will allow you to respond quickly to any new changes on the legal side of things.
4Comply Can Help!
4Comply is privacy compliance software that helps you handle consent management and fulfill privacy rights requests. But 4Comply isn’t just a packaged software solution: it’s also customizable using the Developer API. A few small tweaks will make 4Comply compatible with existing forms and applications you’re already using or, better yet, adjust its functions to support new or changed privacy laws. Data privacy compliance has never been easier!