Any business that markets its products and services to people in the EU must comply with the General Data Protection Regulation (GDPR), whether or not the business itself is based in the EU. Here are four steps to take to ensure compliance for your business.

1. Add Cookie Consent

Web users in the United Kingdom and some other countries have been seeing cookie consent pop-ups for a while now. The requirement itself comes from the EU's ePrivacy rules, but GDPR raised the bar for what counts as valid consent, so website operators in nations that had not yet adopted the pop-ups now need them too. A cookie is a small piece of data that a website stores in your browser and that the browser sends back to that site on every later request. This is convenient if you don't want to have to log in each time you visit a site; the cookie acts like a digital pass. However, cookies can also be used to track users' online activity, and a third-party cookie set by an advertising or analytics network that is embedded on many sites lets that network follow a user across all of those sites. Only cookies that are strictly necessary for the service the user asked for are exempt from consent; analytics and advertising cookies should not be set until the user has agreed. Fortunately, there is already a very useful tool designed to help you ensure compliance in this area; that tool is called Cookie Consent.

2. Ensure You Get Explicit Consent For Data Collection

One of the biggest changes that GDPR has introduced is a much stricter standard for consent. Consent is only one of the lawful bases for processing personal data, but where you rely on it, it must be freely given, specific, informed and unambiguous, and it must be given by a clear affirmative action. Silence, inactivity or a pre-ticked box does not count. You must also make it as easy to withdraw consent as it was to give it, and give users the option to opt out of marketing messages at any time. So, under GDPR, if you wish to ask for an e-mail address for the purposes of marketing, you must tell the user this as they are giving you the information, and there must be a tick-box (which cannot be ticked by default) that the user must click to give their consent. Keep a record of who consented, when, and what they were shown, because GDPR requires you to be able to demonstrate that consent was obtained.

3. Update Your Privacy Policy

You have probably noticed that over the last couple of weeks, most of us have received a deluge of e-mails regarding updates to various privacy policies. This is because GDPR has set out new requirements for what a privacy policy must include: who the data controller is and how to contact them, what data is collected, the purposes and lawful basis for each use, who the data is shared with, how long it is kept, and the rights users have over their data, including the right to complain to a supervisory authority. Again, there is a very useful tool, TermsFeed, which can help you write a privacy policy that is compliant with GDPR while also being specific to your business. It is always a good idea to consult your legal counsel to be absolutely sure that your policy is GDPR compliant and that you aren't leaving yourself open to any nasty surprises further down the road.

4. Always Have Contingency Plans

You should always have a plan of action for what to do if a breach of your systems occurs and personal data is compromised. Furthermore, whenever you dispose of a piece of IT equipment that was company property, be it a smartphone, laptop or tablet, you need to ensure that any personal data on it is securely wiped or the storage media destroyed before the device leaves your control. It is worth having a contact on hand to help you handle IT asset disposal in a GDPR compliant manner. When a breach is detected, GDPR requires the business to report it to the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the people affected; where the risk to those people is high, they must be told as well. The clock starts when you become aware, not when you finish investigating, so it will help you considerably if everyone on your staff already knows the protocols and procedures and who to escalate to.

Ensuring GDPR compliance is likely going to cause businesses a bit of a headache for a while. However, in the long run, these changes should lead to a much more open and fair internet, one where consumers aren't afraid to trust businesses.