GDPR Deadline: Have You Taken This Critical Step?
As the May 25th deadline approaches, company leaders are incrementally preparing their teams for the new legal landscape outlined by the General Data Protection Regulation (GDPR). Most companies have made internal adjustments that are complete or nearly complete by this point, and if you’re a CEO or CIO in this category, you’re well on your way to upgrading your data protection infrastructure and hiring any new personnel you may need (for example, a Data Protection Officer) who can keep you compliant as new challenges arise in the future.
But there’s one step that some organizations are putting off until the last minute. And since the last minute has arrived, it’s time to complete this critical task: Public-facing company documents will need to be revised and republished to reflect new procedures, standards and data management protocols. Here’s a brief checklist that can guide the process, though it’s by no means universal or comprehensive. (Each individual organization will have a unique set of documents that will need a second look.)
Terms of Service
20-page fine-print terms of service agreements with outdated language regarding how the company collects, uses, stores, and shares private user information will need a thorough overhaul. This is important for all clients—those who access the site for free and those who pay for subscriptions or downloads. The more transparent and accessible the information, the better. Keep the terms readable, as short as possible, and reflective of the company’s new standards and internal data controls.
Clearly outline exactly how users and site visitors will subject their data to exposure. Be sure to include the company’s new rules for alerting users in the event of a breach or hack. If users will hold responsibility for any aspect of their data transfer or ownership, these responsibilities will need to be made clear.
Individual Service Contracts
Update the language of all documents that clients and customers will sign before accepting services, products, payment information, or cancellations. Include information explaining (in accessible language) how long private data will be kept and how and when it will be disposed of.
Website Landing Pages/ About Us
Business models will generally require a higher level of transparency in a post GDPR-era. If your business model depends on the use of customer information to provide free services, you’ll be wise to mention this upfront.
An Announcement of Compliance
A general announcement that describes the company’s state of readiness for the GDPR, recent internal changes, and general approach to data privacy can reassure both present and future customers.
Document Revision Guidance
Support for the document revision process can be major or minor, partial or comprehensive, and an established team of consultants can help with both. Contact us for cursory regulatory advice and guidance, or for support with every detail of your rewrites.