Every day we get this question from people searching for answers.
The answer is YES and you probably don't need a team of lawyers, you probably don't need days of consultancy, you probably don't need to make many changes to the way you're doing business...
Read and act on this list, and you're well on your way to getting GDPR off your desk. It's not (that) difficult!
Whether you use GDPRi/co or not to help you get compliant, read this list and you'll be most of the way home and dry when you've ticked them all off:
There are a host of privacy statements that you need to present to your "data subjects" at different stages of doing business. These include things like your Legal Basis for Processing, Rights to Object, Retention Statements and various others.
Got tools and a system for your data subjects to demand changes, erasure or access to their data, respond in the legislated time limit and keep an audit log of the whole thing?
You probably leak personal data more than you realise. That's OK as long as you've told your data subjects what's going to happen with their information. You still have to maintain clear records and logs of who gets what though.
Did you know that any loss, destruction or exposure of data counts as a breach now? You don't have to report every breach to the Regulator, but you DO have to maintain an audited log. A breach can be as simple as accidentally deleting some staff phone numbers; it doesn't have to be an all-over-the-news attack.
Anyone you share personal data with needs to have a contract with you. Some you won't need to think about - companies like Sync, Dropbox, Office 365, Mailchimp and Shopify will all have big, expensive contracts in place. But for everyone else you'll have to have a contract on file somewhere.
Think you've got consent sorted wherever you ask for it? It's only valid if you get it in the right way.
A big part of the legislation is keeping track of your decisions and changes. It's another folder to keep up to date, like your health and safety log, complaints log or any of the other logs we run.
We show you what to do rather than giving you a huge pile of documents to fill in. Everything is laid out in a step by step Dashboard. Just complete each step and another one of your @TODOs is done.
Wherever they're needed, we've included links into the Regulations, links to the ICO, popup help, video and so on. We're also here to answer any questions where we can.
Finally we host the whole lot in our fast, encrypted, secure data centers in the UK. Just link to your GDPR Register from your website, documentation or wherever you need.
Take a seven day free trial and get GDPR Compliance off your desk. Get full access to all our tools, documents and your GDPR Register for seven days risk free.
If you decide your business would be better served by employing lawyers, consultants and developers instead, there are no hoops to jump through to switch off, just click a button before the trial ends and you won't be charged a thing.
Important: We'll send an activation link to this email address, so it must be one you can access. Emails with anything about 'GDPR' typically go to spam or other holding folders, so please check there if you don't receive a mail from us in the next couple of minutes (normally a few seconds).
Almost certainly. If you've got staff or customers, then you've got personal data in electronic or paper files. You'll have to comply with the GDPR regardless of your company size if you process personal data.
It's not been well publicised by the government since its introduction in 2017. There's a ton of information on the ICO's official website now though.
Makes no difference - there will be some subtle changes in the way it's implemented, but as a whole - still here.
You might be shocked by just how much personal data you are actually holding, or where you're sharing it. Taking a WordPress site as an example: non-generic email addresses from members / comments, IP addresses in logs, and data shared with web hosts, Mailchimp, Disqus and more.
Absolutely not. You can read through all the government documentation and go it alone, you can employ lawyers or consultants (last consultant we spoke to was £700/day+VAT and said around 3-5 days for typical micro / small business) or you can just ignore the whole thing and hope for the best (please don't do the last one!!)
Yes, but you still need to be compliant. You only need to send out one of those "please resubscribe" messages in certain circumstances though. That's outside of the kind of advice we can give you, but lots of lawyers have posted an answer to that very question (Google: resubscribe consent mailing list gdpr).
Maybe, but probably not (from what we've seen). Most software providers with well adopted platforms have made the bits of their software that you use compliant; but that's not everything that you as a business have to do. For example, we saw a booking system that had added ways to download, erase and update customer records more easily (making it easier for you to comply with 'Data Access Requests'), but that's just one piece of the puzzle.
Yes! 7 days.
The email address because we need to be able to communicate with you for login details, to make sure everything is going OK and so on. The system sends out those kinds of transactional mails as required. All our product updates and so on are handled through Mailchimp, so it's easy to unsubscribe.
Three reasons. The honest one that nobody ever tells you is that when the free trial period is up, you're more likely to stick with, use and benefit from the service if you start paying for it. It also helps us verify your account and makes sure there's no interruption to your service. We don't charge anything until the free trial period is over; and if you cancel beforehand, you're never charged.
Some things we can help with, others we can't. GDPRi/co is designed to help you get compliant. We work with legal teams, but we're not lawyers. If you suspect you need legal advice, don't take our word for it. That said, we've worked with the regulations in intimate detail for -ages-, have spent hours grilling the ICO (and even more hours listening to their hold music) - so at the very least, we're good to talk to before you hit the legal bills.
Email, or chat (bottom right) if we're online (it goes to email if we're not), are best. We're a small team, so the phone is sometimes tricky, but the number's in the footer if you need it.
No service, document, advisor can make you compliant - there's still work to do. We can't stop you doing bad things with your data, we can't help you secure your systems and so on. What GDPRi/co DOES do is help guide you through the process and give you tools to make complying as quick and painless as possible.
We can't speak for everyone else of course. But our goal is to help get as many UK SMEs compliant with GDPR as possible. We're not a consultancy company. We're not interested in selling you the most complicated consultancy on earth to make more money. Our business is about using technology, the knowledge and experience of the many, and clever systems to create a superb product at a very affordable price. We're in it for the long term, not a quick consulting job :)
An email is on its way from support@gdpri.co with a subject starting [GDPRi]. There's a 50/50 chance it will go to your inbox, but it could end up in spam or promotions. Normally we get through in a few seconds, but if you haven't received anything within a few minutes please check there.