Probably everyone has heard about GDPR, and many companies have already updated their online presence in compliance with the new rules. But if you are still not familiar with this innovation, Redwerk will clarify what’s happening.
GDPR stands for General Data Protection Regulation, a regulation that came into force on 25 May 2018 and governs the processing of the personal data of all European citizens.
The new rules allow EU residents to control the transmission of PII (name, email address, location and other information from which a person's identity can be determined) to companies that collect and store it for their own purposes. GDPR requires the user's confirmation of the processing of his/her personal information, in the form of an agreement or an explicit action. Besides, every person now has the right to know whether his/her information is transmitted to third parties and can request that all the data be changed or deleted.
According to the new laws, all European companies, and also foreign organizations that do business with the EU, must follow GDPR. In case of non-conformity with the rules or other infringements related to personal data, companies will have to pay huge fines that can reach 20 million Euros or 4% of the annual profit.
Redwerk, as an outsourcing software development company, works with clients from all over the world, and approximately half of them are from EU countries such as Germany, the Netherlands, Belgium, etc., so we had to dig into GDPR. We carefully studied the official documentation, reports and articles on this hot topic, and settled on 6 must-have actions for companies and agencies like ours to be GDPR compliant. It turned out to be not so painful at all!
Come to the GDPR side, we *still* have cookies!
Cookies can reveal a great deal about a person's identity. Passwords and logins are stored in cookies too, so cookies are considered personal information that must be protected. GDPR obliges all businesses to disclose what information is collected via cookies, which services have access to that data and how they use it.
Since we only collect the basic set of cookies and the essential data for Google Analytics, we updated the Cookies section of our policy page and added the required request for permission to set cookies on all our websites.
Two words – explicit consent. It means that visitors of any website and users of any service should understand what will happen with the data they enter voluntarily. GDPR means asking, and asking again, whether website visitors want to share anything about themselves. Better safe than sorry: a person's consent to data collection must never be assumed.
Ask any digital marketer, and he/she will tell you that every additional click reduces the overall conversion rate, but rules are rules. We added GDPR agreement checkboxes to all our contact forms. Now users explicitly consent to providing the personal information we need to respond to their requests.
And requests are still coming 😉
Subscribers and leads
Let's be honest, nobody wants to lose the precious contact list collected over years. But one of the main points of GDPR is not keeping excess data, i.e. data you don't need.
So, one of the next steps was revising Redwerk's contact database and deleting all information about people we hadn't contacted for over two years, people who hadn't answered our letters for over a year, and contacts that had no source tag.
But the CRM isn't the only contact database we have. There are also newsletter subscribers, thousands of them. The widespread solution was to mail everyone and ask them to update their newsletter settings. And that is exactly how you got all those "Let's be friends" letters.
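Applying those three retention rules to a contact database, as an added example that is not Redwerk's own code: the `Contact` fields, a 365-day year and the reading of "didn't answer our letters for over a year" are assumptions, and the sample records are constructed. The audit trail stores a hash instead of the address so that the record of deletions does not itself hold PII.

```python
import hashlib
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

@dataclass
class Contact:
    email: str
    last_contacted: Optional[date]   # when we last wrote to this person
    last_reply: Optional[date]       # when this person last answered us
    source: Optional[str]            # where the contact came from (form, event, referral ...)

TWO_YEARS = timedelta(days=2 * 365)
ONE_YEAR = timedelta(days=365)

def deletion_reason(c: Contact, today: date) -> Optional[str]:
    """Apply the three retention rules; None means the contact may be kept."""
    if not c.source:
        return "no source tag"           # cannot show where the data came from
    if c.last_contacted is None or today - c.last_contacted > TWO_YEARS:
        return "not contacted for over two years"
    # Assumption: "didn't answer our letters for over a year" means our last letter
    # went out more than a year ago and no reply has arrived within the last year.
    if today - c.last_contacted > ONE_YEAR and (
        c.last_reply is None or today - c.last_reply > ONE_YEAR
    ):
        return "no reply to our letters for over a year"
    return None

def prune(contacts: List[Contact], today: date) -> Tuple[List[Contact], List[Tuple[str, str]]]:
    """Split the database into contacts to keep and an audit trail (hash, reason) of deletions."""
    kept, audit = [], []
    for c in contacts:
        reason = deletion_reason(c, today)
        if reason is None:
            kept.append(c)
        else:
            digest = hashlib.sha256(c.email.lower().encode()).hexdigest()[:16]
            audit.append((digest, reason))
    return kept, audit

# Constructed sample records (not real contacts), checked against 1 June 2018.
TODAY = date(2018, 6, 1)
SAMPLE = [
    Contact("a@example.com", date(2018, 3, 1), date(2018, 3, 5), "contact-form"),  # keep
    Contact("b@example.com", date(2016, 1, 10), date(2016, 1, 12), "conference"), # too old
    Contact("c@example.com", date(2017, 2, 1), None, "contact-form"),             # unanswered
    Contact("d@example.com", date(2018, 4, 1), date(2018, 4, 2), None),           # no source
]
```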
While GDPR doesn't require you to renew the consent of each and every subscriber in your database, there are some basic rules, and the most important is the one about double opt-in for all subscribers.
Though email subscription confirmation became a must-have for any company with an organically grown database more than 2 years ago, there are still websites that skip it. So, if you haven't got it already, now is the time to add double opt-in to all your newsletter requests and forms. Not having it is literally illegal.
At Redwerk, we integrated double opt-in subscription forms long ago. So, the only thing we had to do was to double-check them, to make sure no PII is collected without human confirmation, and to wipe out all the old contacts whose consent we were not sure of.
Depending on the services a company provides, it had to send out policy updates or amend its terms and conditions and then send them to its user base. Many companies decided to cover all bases and made global changes, informing everyone who had ever happened to be on their lists. But that is another extreme, one GDPR calls on you to avoid.
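A minimal double opt-in flow, added here as an illustration and not Redwerk's own implementation: the address is held only as a pending request until the link carrying an HMAC-signed, expiring token is clicked, and only then is a consent record (time and source) written to the subscriber list. The key handling, the 48-hour token lifetime and the token format are assumptions.

```python
import hmac
import hashlib
import secrets
from typing import Dict

# Assumption: in production the key comes from a secret store; a random key is
# generated here so the example runs stand-alone.
SECRET_KEY = secrets.token_bytes(32)
TOKEN_TTL = 48 * 3600               # assumed policy: confirmation links expire after 48 h

pending: Dict[str, int] = {}        # email -> time of the unconfirmed request (not consent yet)
subscribers: Dict[str, dict] = {}   # email -> consent record, written only after confirmation

def _sign(email: str, issued: int) -> str:
    """HMAC over address and issue time, so a token for one address cannot be reused for another."""
    msg = f"{email}|{issued}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

def request_subscription(email: str, now: float) -> str:
    """Step 1: an address was typed into the form. Store it as pending only and return
    the token to be mailed to that address; nothing is added to the list yet."""
    email = email.strip().lower()
    issued = int(now)
    pending[email] = issued
    return f"{email}|{issued}|{_sign(email, issued)}"

def confirm(token: str, now: float, source: str) -> str:
    """Step 2: the link in the mail was clicked. The address joins the list only if the
    token is intact, fresh and matches an outstanding request."""
    try:
        email, issued_s, sig = token.split("|")
        issued = int(issued_s)
    except ValueError:
        return "malformed"
    if not hmac.compare_digest(sig, _sign(email, issued)):
        return "bad-signature"          # forged or altered link
    if now - issued > TOKEN_TTL:
        return "expired"                # stale link; the user has to subscribe again
    if pending.pop(email, None) != issued:
        return "no-request"             # never requested, superseded, or already used
    # Record when and where consent was given: that is the evidence GDPR asks for.
    subscribers[email] = {"confirmed_at": int(now), "source": source}
    return "confirmed"
```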
Data Processing Culture
To complete our GDPR campaign, here at the Redwerk office we organized a team meeting and talked about the importance of protecting personal data during processing and how we adhere to the new rules.
One more required condition for companies that have business relationships with EU countries and process the personal information of European citizens is having a data protection officer. His/her responsibilities cover managing data processing, monitoring GDPR compliance and being responsible for the protection of personal information. But it is a requirement only for companies with a team of more than 250 people or those specialized in data processing.
What can happen if you are not GDPR-friendly?
With the current amount of information that is freely distributed on the web, most companies, even giants like Facebook, Google and US news websites, did not take the new policy seriously and have already faced fines and blocking. It shows that GDPR is an essential innovation in the information field and everyone should observe it without exception (even if you have next to no chance of getting European clients).
Don’t be shy, just comply!
Being a modern software development company means working with clients from around the world and dealing with various legal tides on a daily basis. But if you think that GDPR doesn't concern you, you are utterly wrong. Even the slightest chance of having an EU client obliges a business to follow the new rules.
So, revise the information management on your website, take care of the personal data of all your contacts internally, and feel free to use Redwerk's formula of essential GDPR changes.