KJ walks through the changes in the video below. Here is a transcript if you'd like to read along while you listen:
“Let me start off by saying that I’m not a lawyer and that to get your business GDPR-compliant, you should definitely consult with a legal team or a compliance team.
Essentially, these are gonna look different between every business and every policy, but there are three big things to keep in mind and that’s gonna be:
- making your policy more transparent
- more comprehensive
- and then using it to give users some control over their data.”
Step 1: Make your policy more transparent
“So making it more transparent—it’s gonna be in line with Article 12 of the GDPR, which says you need to use plain and clear language.
That’s a big thing and a big revolutionary stance on privacy practices and privacy policies, because before it was kind of the go-to that businesses would use a lot of legalese basically to disclose their data handling practices.
Now you want to cut out the legalese and you want to make your policy as easily comprehended and navigable as possible.
So there are a few things you can do besides using more clear language.
That’s going to be putting in a table of contents so that if a user comes to your policy with a question in mind they can navigate right to that section and get the answer they’re looking for.
Then another big thing that we recommend is putting in a section summary or a TL;DR so that a user can gather the information of that section of your policy without having to wade through any kind of legal jargon that you feel is necessary to keep in that policy.”
Step 2: Make it more comprehensive
“So that’s making it more transparent. Then, making it more comprehensive—basically there are quite a few things that you’re going to need to add to your policy, most likely, to make it more GDPR-friendly.
Let’s see, that’s gonna be:
- the legal bases on which you’re processing or handling data
- how you use information
- how you collect information
- what information you collect
- who you share it with, and whether you transfer it internationally
- and then some necessary contact information like your DPO or your EEA representative
Each of those, again, is gonna look different. Basically, the key stance you want to take going forward is to be as granular and specific as possible.
So take for instance when you’re writing in what information you collect, you should really break this down into categories such as personal information you collect.
That’s going to be:
- contact data
- credit card information
- email address
And then there’s information that might be collected through apps. So if you have an app, then you’re probably collecting geo-location or, you know, various mobile device data.
So there are so many more categories you could add into your policy and that different companies will have or will not have, but the key is to be granular and specific to outline every piece of data you collect and every data handling process that you engage in.”
Step 3: Give users more control over their data
“So that’s transparency, making it more comprehensive, and then using it to give users more control over their data.
Basically, you just want to write something into your policy that says, “If you would like to request to view, edit, modify, or delete your data from our servers, go here,” and provide them with a link, a form, a page or whatever, where they can go and request that action be taken on their data, since the GDPR, under Articles 15, 16, and 17, grants them this right.
So that’s really important to put in there.
Right, I hope this helps you all and good luck!”