The law's changing 25th May 2018, are you compliant? This is a summary of the critical changes and essential steps you need to implement taken from a small business owner's perspective.
Disclaimer
The following guide contains summary information in relation to the new EU GDPR law as I understand it. I have condensed the essential facts to make it easy and straightforward for the small business owner and solopreneur to implement.
I am not a lawyer, a law professional, or in any way connected with the law; you may therefore wish to take professional advice regarding this new compliance requirement.
Angela Nubbert
Coast Academy
Copyright: Coast-Academy.com
Introduction
The basis of the new EU GDPR law is to protect individual privacy rights and update privacy law for current technology.
The changes apply to any business, regardless of size. If you have a website or blog, or in any way collect client data, you must comply.
Brexit won’t make a difference, nor does being in the States, Canada or anywhere else in the world. If there is the remotest chance of a customer coming from an EU country, you will be required to comply with the GDPR law. Failure to do so could result in onerous penalties.
Critical Changes To Be Aware Of In Relation to Email Marketing and Sign-up Forms
You must obtain affirmative consent. It is no longer enough to have an opt-in form; you must add a ‘tick-box’ that the customer must actively tick in order to receive your documentation or sign up to your newsletter.
You must tell your customer how you intend to use their information.
You cannot change the information you send to a customer after they’ve signed up. For example, if a customer signs up to receive financial information, you cannot suddenly start sending them health and wellness news.
You must post your Privacy Policy on your website and place links to it throughout your website, including on every form that ‘captures’ client data. A copy of the policy I use is at the end of this slide presentation; you are welcome to copy it and use it for your own business.
You must keep this data secure and notify customers within 72 hours of any data breach.
Customers now have the right to request a copy of the data you hold on them, to correct that data, and to withdraw their consent to you holding it. In addition, customers have the right to have their data erased, in other words to ‘be forgotten’.
What If I Don’t Comply?
There is every intention to enforce GDPR law; penalties for non-compliance include a fine of 4% of gross annual income or up to £20 million, whichever is the greater. Although these big numbers are most likely intended for much larger corporations, they show how seriously the EU is taking the implementation of this new law.
You cannot block EU clients to circumvent the law; that is itself an infringement of the GDPR.
Customers will have a private right of action against you if you fail to protect their data by using a third-party company that is not compliant; it is therefore in your interest to ensure everyone you deal with is complying with GDPR law.
Essential Steps You Need to Take to Comply with GDPR by 25th May 2018
1. Add a Privacy Policy to your website.
2. On every opt-in or contact form on your website, add a link to your Privacy Policy.
3. Put a link to your Privacy Policy in your website footer so it appears on every page.
4. Go through your email list and audit your sign-ups, segment if necessary, then send an email asking if they would still like to receive updates from you. There’s an example email at the end of this guide.
5. Audit everyone you deal with. For example, I use 123-Form Builder for student sign-ups; this company keeps the data I’ve requested through my website on its own system. I’ve confirmed they are GDPR compliant.
Essential Steps (continued)
6. Use a double opt-in where possible; this is usually standard with most professional email companies such as Aweber, Mailchimp and Convertkit. Otherwise, your first email should confirm why they’ve agreed to sign up with you and what you will be using their data for.
7. Re-affirm how customers can opt out of your newsletters.
8. Advise how customers can view the data you hold on them.
9. Make sure any third-party companies you work with who handle your client data (for example, email companies) are compliant with GDPR.
10. Add a Cookie notice to your website with a link to your Privacy Policy. Ensure customers take affirmative action to confirm they’ve agreed to your Cookie policy. If they dismiss the Cookie notice without agreeing, they should be blocked from continuing to browse your website. The following slide is an example of how you can word your Cookie notice.
11. Consider updating your liability insurance to cover the possibility of anyone taking action against you.
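As an added illustration of steps 4, 6, 7 and 8 above, together with the customer rights listed under Critical Changes, here is a small consent register in Python. It is example code written for this guide, not code from Coast Academy or from any of the email providers named, and the class and method names are assumptions. A sign-up without a ticked box is refused, nothing is recorded as consent until the double opt-in link is used, mailings are limited to the purpose agreed, and the subscriber can view or erase their record.

```python
import hmac
import secrets
from datetime import datetime, timezone


class ConsentRegister:
    """Hypothetical consent register (example code, not Coast Academy's):
    affirmative tick-box, double opt-in, purpose limit, view/withdraw/erase."""

    def __init__(self):
        self.pending = {}    # email -> (name, confirmation token, purpose)
        self.confirmed = {}  # email -> consent record

    def request_signup(self, name, email, purpose, tick_box_checked):
        # A pre-ticked or missing box is not affirmative consent: refuse it.
        if not tick_box_checked:
            raise ValueError("sign-up refused: consent tick-box not ticked")
        token = secrets.token_urlsafe(32)  # unguessable, sent in the confirmation email
        self.pending[email] = (name, token, purpose)
        return token

    def confirm(self, email, token):
        # Double opt-in: nothing counts as consent until the emailed link is used.
        entry = self.pending.get(email)
        if entry is None or not hmac.compare_digest(entry[1], token):
            return False
        name, _, purpose = entry
        del self.pending[email]
        self.confirmed[email] = {
            "name": name,
            "email": email,
            "purpose": purpose,  # what the subscriber was told the data is for
            "consented_at": datetime.now(timezone.utc).isoformat(),
        }
        return True

    def may_send(self, email, topic):
        # Only mail about the purpose agreed to (no drift from finance to health).
        rec = self.confirmed.get(email)
        return rec is not None and rec["purpose"] == topic

    def export(self, email):
        # Right of access: a copy of everything held on this person.
        rec = self.confirmed.get(email)
        return dict(rec) if rec else None

    def erase(self, email):
        # Withdrawal / right to be forgotten: remove every trace, pending or confirmed.
        self.pending.pop(email, None)
        return self.confirmed.pop(email, None) is not None
```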
Here is an example of my updated sign-up form, taking into account the new GDPR requirements. The two changes are: a reminder of what the customer is signing up for, and a link to my Privacy Policy.
Suggested email to your contacts
Since you signed up to my newsletter (either online or at an event) I have been keeping your name and email address so that I can keep you posted on our courses, activities and events. In accordance with the new GDPR law taking effect on 25th May 2018, I need to ensure that you are still happy to receive our mailings; if this is the case, I would be grateful if you would just hit reply to this email with ‘YES’.
I use the service provider Aweber to manage my newsletter list and mailings; this ensures your data is kept secure. I do not share your data with anyone else and never will. If you would like to view the data held by me, please do get in touch.
You can unsubscribe from my newsletter at any time by clicking the 'unsubscribe from this list' link in the footer below, or in any of my newsletters. You can also read about how I process personal data on my website here. (Link to your Privacy Policy)
If you have any questions about the new General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018, or about how I contact you, please do not hesitate to get in touch.
Copy of my Privacy Policy which you are welcome to copy:
Your privacy is important to Coast Academy.
By visiting and using this website, you agree and consent to the following Terms of Sale and Privacy Policy governing the collection and use of personally identifiable and other information by Coast Academy.
As with all e-commerce websites, we collect personal information from you when you shop online. We use this information to make your shopping experience as easy and enjoyable as possible. We need it to process your order and to inform you of any delays or problems with it. The information we collect is:
Your name
Email address – for acknowledging orders, and sending status updates etc
Delivery address
Telephone number – only if there is a delivery problem
Our third-party payment processors use the latest secure server technology to ensure this information is protected to the highest standards. They use encryption to safeguard your credit card information and only accept orders from web browsers that permit communication through Secure Sockets Layer (SSL) technology; this means you cannot inadvertently place an order through an unsecured connection. Most web browsers above version three support this security. This encryption makes it virtually impossible for unauthorised parties to read any information that you send us. The encryption technique we use is the highest standard available for e-commerce.
If you sign up for our newsletter, we will process your personal information (name, email address) for the following legitimate business purpose: to send you email communications which we think will be of interest to you, i.e. information about news, activities, events and services. We currently use the service providers Wix and AWeber to manage the newsletter list and mailings. We do not share your data with anyone else.
You can check or change your name and email address in our records by clicking the ‘update your preferences’ link in the footer of any email newsletter you receive from us. Remember to tick the “Email” box because our newsletters only come via email!
You can unsubscribe from our newsletters at any time by clicking the ‘unsubscribe from this list’ link in the footer of any email newsletter you receive from us.
If you book or attend a Coast Academy Online Course or Workshop, we will process your personal information (name, email address, name and date of course booked, payment received) for the following legitimate business purpose: to manage our course bookings, send you pre- and post-course emails with information about the course, and keep a record of who booked which course so as to better plan future courses. We do not share this data with anyone else.
Whenever we process data for these purposes we will ensure that we always keep your Personal Data rights in high regard and take account of these rights. You have the right to object to this processing if you wish, and if you wish to do so please contact us. However, please bear in mind that if you object this may affect our ability to carry out the tasks listed above for your benefit.
Data Protection
Coast and Country Prints will never pass your details on to a third party for marketing purposes. If you have questions about your personal data or our privacy policy, please contact us at support@coast-academy.com.
Cookies
Cookies are small text files that websites send to your computer. A cookie can be thought of as an Internet user's identification card. They let the website know when the user has returned. This lets the site bring up information relevant to that user, for example your name, past orders etc. Cookies make the interaction between users and websites faster and easier. Without cookies, it would be very difficult for a website to allow a visitor to fill a shopping basket or to remember the user's preferences or registration details for a future visit. The Coast Academy website uses cookies to allow customers to move from one part of the website to another and to add items to the shopping basket without having to log in repeatedly. Cookies are not computer programs and can't read other information saved on your hard drive. They cannot be used to disseminate viruses or to obtain a user's email address. They only contain and transfer to the website as much information as the users themselves have disclosed to that website.
We comply with the 1998 UK Data Protection Act and keep your information safe using the latest technology.
Payment Processing
We use PayPal to process online payments. PayPal provides a secure online payment gateway for your purchases, and no credit or debit card details are kept by Coast Academy or its proprietors. You therefore accept that PayPal is responsible for any omissions or errors created by them, and any payment queries will be dealt with between you, the purchaser, and PayPal; Coast and Country Prints is not able to interpose on your behalf. By placing an order with this website you affirm that you are either more than 18 years of age, or an emancipated minor, or possess legal parental or guardian consent, and are fully able and competent to enter into the terms, conditions, obligations, affirmations, representations, and warranties set forth in these terms and conditions, and to abide by and comply with these terms and conditions.
In all instances of questions or queries relating to your use of this site, including but not limited to the purchase of products, please do not hesitate to contact us. We aim for high customer satisfaction and want to make your experience enjoyable.
TELEPHONE:
EMAIL:
POST: