Great video! Are public bodies exempt from GDPR ie HMRC, local councils, water board, health authority etc? Can we opt out with these authorities from holding our data?
They shouldn't be exempt! If you do a company search (Dun & Bradstreet, or Company Check), you will find that all of the "public bodies" are in actual fact registered as companies. The European Union, The House of Lords, local authorities, Police, Social Services, HMRC, Courts, et al, are all registered companies. The rabbit hole goes deep!
Hi Daisy! Thanks so much for that video. It was really handy to understand what GDPR is. I've checked the comment section but no one asks for it. What about cookies and all tracking stuff? I put a notification when entering website we use cookies and third-party engines and 'I am OK with cookies' button and 'Learn more'. The website is built on Shopify platform and doesn't really allow to put more options. Do you think an additional text like 'If you don't agree to use cookies please change the settings in your browser or leave page' will sort out the problem?
Excellent explanation. I love the video. Quick questions, however: i) In case a company wants to send a new email to clients for the first time, say to market a platform, does the company have to explain to the recipient where they got that data from? Moreover, given that this is an 'origination' email, can such an entity be sued based on this initial email or do the rules merely cover follow-up emails? ii) Do these laws cover data obtained from other companies or purely an individual's data?
Hello and thanks for the video! Do I need to add the 'Positive Opt In' checkbox if I'm not sending any marketing emails to my clients? I only send the booking confirmation email.
Hey, thanks for the lovely words - third-party platforms need to be complying; however, it is your responsibility to ensure the platforms you use are GDPR compliant. If you need more clarity, I'd check this with the ICO helpline, I've found them useful. ico.org.uk/global/contact-us/helpline/ I've found them really useful at answering specific questions :) Daisy
What I personally believe is that this set of rules was aimed to control big companies' behavior with data but the outcome was that these companies have huge number of lawyers and they can easily adjust to them. Overall they got no major changes in their business. On the other hand, small and medium business will suffer complying with these rules and their job will more likely become very challenging. So as a result the rules served indirectly the big companies from any disturbing possibilities of new growing businesses.
Great stuff Daisy. I was checking it as well and I found that unzeenu.com Limited is the 1st company in the world to be GDPR compliant and was registered with ICO in the UK. Not really sure if Google and Facebook are still compliant 100%
Absolutely Rachel! If someone hands a business card to you, that is an example of someone giving an 'opt-in' action to you having their contact details, however, if you want to use this person's information in another way ie. add them to your mailing list you will have to get them to 'opt-in' to that too and ensure they have access to your fair notice policy.
Thank you for the video. Two questions, first, what about emails you are finding on business or organisation's website or a leaflet. Do you still ask them if they want to stop receiving emails from you? Obviously they want to be contacted! Second, what about old friends or groups of friends. Do I have to ask all of them too? Thanks.
Is amazing always following 😊
As a web developer I have watched 6 videos this morning trying to get an understanding of GDPR. This is by far the best one.
At last, I finally get it. No legal jargon. No meaningless fluffy overviews. Just the practical steps, in real terms, of what I need to do to be GDPR compliant. Brilliant! Thank you sooooooo much. Have shared on Facebook with all my friends and business owners.
This has been more informative than the hour long webinar I did today. Thank you!
No worries Ben, always happy to help :) Daisy
Thank you so much for this useful guide! I have been researching for weeks and it's lovely to see it all put together in tips like this. Clear and easy to understand. Very much appreciated from a small business owner! :)
best video on gdpr so far, with just the right amount of details
Want to learn more about GDPR Compliance : stafftimerapp.com/blogs/gdpr-compliance-and-employee-data-monitoring
GDPR was confusing for me but your explanation made it easy to understand and to act upon. Definitely, one of the best explanations I came across ever.
Absolutely superb. Easy to understand with no Jargon. As a very small business I am now confident that I can meet all GDPR principles. Thank you very much.
Thanks this has saved me as I love watching videos instead of doing all the reading to research what I need to do. You are very good at this. It is clear, well thought out, easy to understand, helpful and super informative. I feel really confident about what to do so thanks again.
Love it, people are literally being SCARED out of business because of this stuff, you make it all sound simple which is GREAT! Shared your video with my 18,000+ FB group members just now to help them (and you) out :) Thanks!
I was wondering what GDPR actually was. 13 minutes later, with simple and clear words ..I really feel I do. That was brilliant. Summing up all this in such a short time, making it understandable by anyone. Great work there !
GDPR is a goldmine for we folks doing website maintenance. Keep it coming :)
Or lawyers
Excellent job, Daisy! After reading so many articles that only left me with more questions, this video made everything about GDPR "click".
Thanks Javier! And thank you for taking the time out to see the video.
Amazing information. Thanks so much, Digitool! First-time viewer and just subscribed, so enjoy your happy dance, Daisy!
Great work, really.
Within my research for GDPR, this was the 1st video that was not just saying a few (general and confusing) things about GDPR, only to continue with promoting a product or service.
Many thanks ..
Thanks for taking time out to leave such lovely feedback George :) Not here to promote anything, I just did the research for our own business and felt I could save people some time by explaining what I had learnt along the way. Daisy :)
Very nicely explained.
Useful video. Many thanks.
Thanks! Glad you enjoyed the video!
Thank you very much for the guide you provided; I hope it becomes useful knowledge for me.
You got a true follower. Best content on GDPR so far. Thanks a lot sharing with us.
this was useful - thanks :-)
Glad it was helpful!
Interesting and informative. I work with a charitable foundation and keep information on our volunteers. These are not employees and they don't sell anything. We also have patients that we deal with. It would be interesting to know what to do about their records.
Thank You Digitool for putting together this great video for all of us that are still currently baffled by what to do next to prepare for GDPR!
The video really brought back memories of when I was a Health and Safety Officer in corporate retail! The terms are different, but the logic and processes are basically congruent with each other.
The amount of clarity you shed light on is incredible, and I absolutely love the small Q&A for real business situations!
I've shared the video on my FB and LinkedIn, I'll be sure to target any further questions back to your site.
Thanks again for the awesome video!
excellent. the best overview explanation I've seen!! super clear and enjoyable to watch. thank you!
Thank you for the lovely feedback Nancy, glad it was clear. Good luck with the GDPR changes and let me know if you have any questions :) Daisy
Nancy Preston hh
Yes, I agree, super healthy tips! Thanks!
Best GDPR explanation in the shortest possible time! Great Job Daisy! 👍
Well done. Learn so much about GDPR in a short time frame. Thanks!
Thank you! We're happy that you learned so much about it in a short time.
Great video and tips, tks! Not sure if you are aware of, GDPR rules in Brazil will be effective on February 16, 2020. Basically, it is a ctrl C/ctrl V version of the EU GDPR rules, so we are trying to understand it from the very beginning.
Very helpful to understand ...GDPR. Thank you!!
You are awesome for taking this awful big information of gdpr and compressing it into a 13 min video... Thank you very much
U helped a looooooot
Thanks for the lovely comment, compressing the info into something that was easy to understand took a lot of late nights, coffee and pizza deliveries :)
This was very useful! Thank you for sharing all this info:)
Excellent presentation of GDPR overview. You made it look simple and enjoyable.
Glad it was helpful!
Thank you for this helpful video on GDPR!
Glad it was helpful!
Great video, we're going to show this to our employees.
#GDPR is all about assessing the risk to data subjects. GDPR compliance is a continuous process. The worst thing organisations can do is not do anything at all!
Good points raised in this video! However, it is the ICO (Information Commissioner's Office) that is the supervisory authority (SA) in the UK. They investigate GDPR compliance. ICO guidance and advice is the best to follow. (2:08)
This has been more informative on GDPR than any that I have yet to come across :-)
Daisy, thank you for inviting us to post questions. I do have one.
I own a small company, that provides services to "Individual Professionals" (like a lawyer, or engineer) and "Companies" ONLY.
I am talking about "Legal Entities" with Tax books, that must provide their VAT number, in order to accept an Invoice (not a simple Receipt).
I have nothing to do with Retail market, I cannot sell anything to a "Person" (my Tax books, do not allow me to).
The only data I keep about my Customers & Suppliers, is their "Tax data", the ones needed to issue or accept an invoice.
The only "persons" I communicate with, are the employees of my Suppliers and the employees of my Business Customers (companies). The only data I have about them, is what is usually written in their Email signature (like Name, Job title, Email, Phone, Work address). The only way I use their data, is to communicate with them.
I do no marketing at all, I do not collect any data from any source, I do not give any person's data to anybody.
The ONLY "person" I deal with, is my 1 employee. His data, are provided only to my company's accountant.
SO, the question is: Does GDPR "touch" my company?
Thank you.
Hey George,
Great question! So, yes GDPR does affect your company but don't worry there isn't too much extra work to do! You will still have to take necessary precautions to make sure that data is safe and couldn't be misplaced or stolen. You will also need a system in place in case someone requests what data you have on them (this doesn't need to be anything too advanced, you just need a very clear idea of ALL the information you have on a customer so you can give that to them should they ask for it).
I would consider putting all the GDPR marketing provisions in place (such as a privacy policy and opt in form) JUST IN CASE you want to market to your customers in the future. You don't have to send them any marketing but, I'd rather have the provisions in place than realise you want to market to them later down the line and realise you can't.
Hope this helps! Daisy
Thank you very much, George
No worries George, glad we could help :D
Wow fantastic presentation we are undertaking a GDPR review with Deloitte but your explanation and examples are great.
Thanks for the easy to understand explanation and list, best one I've seen all day :)
very detailed and informative! thanks for this! SUBSCRIBED :)
Tip 6 depends on who is collecting your data and for what reason, if you have entered into a contract with a financial services firm, they would normally need to hold onto the information for at least 6 years (for some pension transfers for your whole life), so that they can defend themselves against a claim for financial mis-selling. The law may also instruct the firm to hold onto personal data, such as HMRC etc. So the answer is no, there is no blanket requirement for a company to destroy your personal data. It depends.....
Excellent video. We are a small business and make print hard copies of the customer invoices, dispatch notes etc for accounting and audit purposes. Under the new laws, are we allowed to store these records, and is there anything that we should be mindful of when maintaining these hard copy records? We also store the customer/supplier details in our computers and servers; should they be stored with password protection?
This is really helpful, summarizes the concept and tips are great as well.
Thank you Cynthia :) I appreciate the time you've taken to comment - that's so kind
Much clearer than anything else I have seen, thank you.
Not a problem Karen, so glad you found it useful :)
Hi, your tips are perfect! We're going to follow your checklist on our websites! Can you please tell me, do we need to make the same if we have an app in AppStore? We don't collect names and emails but we definitely use some ads and analytics tools....
Thank you for this video. Any GDPR changes (updates) till now?
I found this video very helpful. thank you very much
Very helpful, thanks for sharing
Great structure of content throughout the video.
just liked and subscribed. great tips.
Thank you!
Thanks for the 10 useful tips given in the video.
Hi, I found your video extremely informative and well explained, thank you for that.
My question is with regard to compliance by government bodies:
is there mention of what government bodies can and cannot do with data it collects? and are there consequences on it in the event of a breach by them?
Thank you.
Very useful and well structured video. Thank you. However it’s worth pointing out that the need for customers to opt in to electronic marketing communications has been in place for 15 years! (Privacy and Electronic Communications Act, 2003). It’s not new in GDPR.
Student doing a project on an insurance firm here and wasn't quite up to date with that GDP Regulations nitty gritty thanks for putting me up to date ;)
No worries - I'm so glad it can be useful. Good luck with your studies, Daisy
Daisy, thank you for this brilliant video. You have put a very complicated regulation into very simple and straightforward terms. Extremely helpful. Thanks again, great work!
Thank you for the kind words Carol - I'm so glad you found it easy to understand - GDPR can feel very overwhelming! Daisy
1. Organise your data
2. Make sure data is secure
3. Don't keep data unnecessarily
4. Write a clear fair processing notice
5. Have a process for providing the information you have on a person
6. Have a process for deleting data
7. Allow people to "positively opt in" to you storing their data
8. Try a layered opt-in form
9. Make it easy to opt out
10. Make your team aware of the new GDPR laws
Great video! You explained the law very well.
thanks for summarizing it
Clear video with good advice, thank you
Thanks for the kind words Sonia - so happy it was useful for you.
Daisy
Thanks so much, this video is very helpful. I have a question: for health practitioners, who have hand written data taken at a consultation, is it necessary to contact every past patient and ask if their data can be held? Health practitioners are legally obliged to hold their data for 7 years, even if no longer in touch with them?
Very useful, but I have one question. What is the situation regarding invoice and transaction data in e-commerce? The obligation to keep these records for the tax authorities to inspect seems to conflict with the "right to delete". If a customer comes to me and demands that I delete all her invoices which government department wins or do they both fine me?
Hey Conrad, great question. My understanding is that you can keep these records but would delete the information needed to market to her. Although this is just my interpretation and I'm not legally trained, I'd double check this with the ICO helpline, I've found them useful. ico.org.uk/global/contact-us/helpline/ I've found them really useful at answering specific questions :) Hope this helps and let me know what they say! Daisy
Great explanation! Well done! Will definitely follow your tips, thanks! ✌🏻
A super explanation. very succinct. thanks
This is a brilliant video, thanks for taking the time to create it.
Thank you! this was a big help!
Brilliant! Just what I was looking for, many thanks very clearly explained.
Zest Virtual Solutions thanks so much for the comment :) so glad it could help you out. Daisy
Nice video! But, I was wondering, what about "Goodbye E-mails"? They are automatically sent after someone unsubscribes, like a last ditch effort to try to persuade a subscriber to stay with us. Are those kind of emails "outlawed" now, after GDPR?
Thanks - very useful. Who gets the 20mill euro in fines? Do they go to the violated part?
Thanks - that's the best explanation I've seen so far. Liked and subscribed :) Two questions - the ICO and the regulations say that the DPO must be qualified - but they don't seem to show the qualifications. Any ideas there? Also, some of our providers (such as our Content Delivery Network) have asked us to sign a DPA - while other providers have not. Should we be wary of those who have not asked?
Really great video thanks! I have a question/observation on your last point about having existing customers who are on an email newsletter opt in again. I am on probably 20+ lists, and I have not gotten a single request to opt in again (I live in the US), so are you sure about this requirement?
Awesome tips!! Is this GDPR only for websites that belong to the European Union, right??
Good video, easy to understand for the most part. However, when it comes to 'existing data' you say the safest bet is to contact all the people you have data on, asking them to positively opt in. Is this safest bet actually a legal requirement, or can we just keep the data we already have anyway?
Hey Simon, this will vary depending on how you have collected that information. For specific cases, I'd check this with the ICO helpline, I've found them useful. ico.org.uk/global/contact-us/helpline/ Daisy
Excellent explanation! Thank you
Really helpful and clear. Thank you.
Glad to help Neil - good luck with the GDPR changes.
Thank you for the video. It was really informative. Now, I would like to know what would happen from GDPR perspective for cases where business has sent emails to its consumers/customers to opt or give consent to use their personal data for marketing campaigns, etc. but they have not responded to that email. Can I treat no response as their agreement? If yes then will I be liable to any fines?
you legit saved my life! thanks
Great overview! Thank you for sharing. Sharing the video on Instagram ASAP!
Thank you Raquel, what is your Instagram - we'd love to see and follow!
It's instagram.com/themightyfoxrocks. Please do, would love to tag DigiTools on the post, and follow back of course!
Thanks Raquel - I've just seen that we have connected on LinkedIn :) Daisy
Very clear explanation!
Thank you so much for enlightening the complex and confusing GDPR for us. I still have a question in relation to what is sensitive data and non-sensitive data and what to do with non-sensitive data. "Explicit consent is required only for processing sensitive personal data - in this context, nothing short of “opt in” will suffice. However, for non-sensitive data, “unambiguous” consent will suffice". I am aware that for sensitive data the person has to actively opt in. The information I have on my emailing list is the person's name and email only and I only use this information to inform them of my work and never pass their information on to a third party. If name and email address is non-sensitive data, would it be enough if I email everyone informing them of what information I have of them, that I use the information only for informing them of my work and nothing else, and under no circumstances any information will be shared with a third party and if they do not wish to be part of this list they can unsubscribe at any time by clicking the unsubscribe button?
This is a very good and informative video and easy to follow. My main thought however is that most small businesses will only do the very basics. I cannot see sole proprietors and other small businesses writing out data security and data retention policies etc etc. My take from this is that as a basic minimum you need to contact everyone in your database and get their consent to keep the data and delete those that do not consent. The other really good point from this is to make sure the data you do keep is secure - for example if someone breaks into your business and steals the small file server you keep and the data is not encrypted you could get caught out quite easily. Overall great video - I wouldn't worry about the 20 million euro fines however as I think they will be directed at the big bully organisations out there that choose to flout the law.
Thank you for this information, been a great help :)
I'm so glad it could be helpful Dawn, good luck with the GDPR changes and let me know if you have any questions! Daisy
Very thorough. Thanks.
Hope you get paid well, you should be a high court solicitor, very helpful to everyone
Really helpful, thanks.
Great video! Are public bodies exempt from GDPR ie HMRC, local councils, water board, health authority etc? Can we opt out with these authorities from holding our data?
They shouldn't be exempt! If you do a company search (Dun & Bradstreet, or Company Check), you will find that all of the "public bodies" are in actual fact registered as companies. The European Union, The House of Lords, local authorities, Police, Social Services, HMRC, Courts, et al, are all registered companies. The rabbit hole goes deep!
Great video, but what happens if someone doesn't want you to store their information but you have to on their invoice for HMRC?
Hi Daisy! Thanks so much for that video. It was really handy to understand what GDPR is. I've checked the comment section but no one asks about it. What about cookies and all tracking stuff? I put a notification when entering the website that we use cookies and third-party engines, with an 'I am OK with cookies' button and 'Learn more'. The website is built on the Shopify platform and doesn't really allow putting more options. Do you think an additional text like 'If you don't agree to use cookies please change the settings in your browser or leave page' will sort out the problem?
Very good video and clear advice
Glad to hear it Barry, thanks for the kind words. Daisy
excellent explanation
Excellent explanation. I love the video.
Quick questions, however:
i) In case a company wants to send a new email to clients for the first time, say to market a platform, does the company have to explain to the recipient where they got that data from? Moreover, given that this is an 'origination' email, can such an entity be sued based on this initial email or do the rules merely cover follow-up emails?
ii) Do these laws cover data obtained from other companies or purely an individual's data?
You must check unzeenu privacy policy. That is the best and simplest one
Great explanation and presentation! Thanks a lot! (you can do the happy dance now haha)
Very well done, thanks
Thank you Olivier!
Hello and thanks for the video!
Do I need to add the 'Positive Opt In' checkbox if I'm not sending any marketing emails to my clients? I only send the booking confirmation email.
Great explanation, thank you for making this video so comprehensive! (GDPR is a scary unknown to me still!)
Thanks! Glad you enjoyed the video!
Great video - clear succinct and to the point - how does this affect using third party hosted solutions like SalesForce?
Hey, thanks for the lovely words - third-party platforms need to be complying however, it is your responsibility to ensure the platforms you use are GDPR compliant. If you need more clarity, I'd check this with the ICO helpline, I've found them useful. ico.org.uk/global/contact-us/helpline/ I've found them really useful at answering specific questions :) Daisy
What I personally believe is that this set of rules was aimed to control big companies' behavior with data, but the outcome was that these companies have a huge number of lawyers and they can easily adjust to them. Overall they got no major changes in their business. On the other hand, small and medium businesses will suffer complying with these rules and their job will more likely become very challenging. So as a result the rules served indirectly the big companies from any disturbing possibilities of new growing businesses.
Very well done!
Glad to hear it!
Very helpful Daisy. Thank you!
Phil! Thanks for watching, it wasn't as fun doing this video on my own! Hopefully see you soon :) Daisy
Very good summary...
Great stuff Daisy. I was checking it as well and I found that unzeenu.com Limited is the 1st company in the world to be GDPR compliant and was registered with ICO in the UK. Not really sure if Google and Facebook are still compliant 100%
Is it mandatory to show the Privacy Policy on the navigation bar? I mean, what if your site does not have a navigation bar at all?
What will happen about business cards? Can people still hand those out?
Absolutely Rachel! If someone hands a business card to you, that is an example of someone giving an 'opt-in' action to you having their contact details, however, if you want to use this person's information in another way ie. add them to your mailing list you will have to get them to 'opt-in' to that too and ensure they have access to your fair notice policy.
Sorry, all Verboten now!
If you meet someone and they're European, just run.
Thank you for the video. Two questions: first, what about emails you are finding on a business or organisation's website or a leaflet? Do you still ask them if they want to stop receiving emails from you? Obviously they want to be contacted! Second, what about old friends or groups of friends? Do I have to ask all of them too? Thanks.
MsMarchella sorry, but according to European regime laws, now everything is banned.