Working With Your Digital Agency and GDPR

Thursday, 24 May 2018  |  Posted in: Articles  |  4min read

By now you will have heard of GDPR, which stands for General Data Protection Regulation. GDPR represents new digital privacy standards which came into effect on 25 May 2018. The regulation requires no enabling legislation, so it automatically became binding and applicable from this date.

While the focus of GDPR is on the European Union, most Australian businesses will find they need to comply regardless of whether or not they conduct business in, or offer goods and services to, EU covered regions. This is because the new regulation covers anyone from the EU, or even those holding a passport from the EU. Under our Australian privacy laws, businesses are not permitted to specifically identify EU citizens, so the best approach is to assume that any personal data you hold as a business may include data belonging to EU citizens.

 

The good news

One major positive for Australian businesses is that there are many similarities between the GDPR and the existing Australian Privacy Act (from February 2018). This means that if you operate your business in Australia and comply with our current privacy laws, you are likely to have already put in measures that are required under the GDPR.

Some similarities include the requirement for transparent information handling practices and business accountability. This is to give those who share personal information with your business the confidence that their privacy is being protected.

From a strategic and governance standpoint, the GDPR represents a significant opportunity for your business to make digital experience and data quality management key strategic focal points, with improving consumer engagement, reputation and trust at the core.

 

Take a holistic approach to GDPR

Complying with GDPR involves an all-encompassing change to how your business handles personal data. This extends beyond IT and web related roles within your organisation, and requires a holistic approach by all stakeholders.

When it comes to digital products and websites, under GDPR your company will now be required to build in privacy settings and have these activated in such a way that your users opt in, as opposed to opting out, by default. Operationally, your company will now be required to conduct privacy impact assessments and strengthen the way you gain consent to use data from each individual.

Other requirements include documenting and disclosing how personal data is used, and improving the way your business communicates data breaches, should they occur.

 

Working with digital agencies

Most digital agencies, such as our own at The Digital Embassy, will be able to provide advice and services in relation to implementing the changes to your websites, digital marketing and other digital assets required under GDPR. These changes will help your business to comply with the new regulations, and enhance the experience for your users regarding how their privacy is handled.

It’s important to note that your digital agency is not a master of privacy law. Should your business fall under GDPR, we strongly recommend that you seek independent legal advice on how the new regulations will affect your business, and how full compliance should be achieved, as well as maintained.

 

Making your business website comply with GDPR

A good starting point is to make sure the policy disclosures and privacy statements featured on your website are up to date. These need to include clear explanations, in layman’s terms, of how your business uses the data it captures.

A few more practical updates to consider, which will help you improve your users' online experience and comply with the new regulation, include:

  • Use active opt-ins for accepting terms and consent on web forms
  • Segment different types of consent where personal information is captured, to allow users to opt in only to the information they wish to receive
  • Disclose and gain consent where personal data is accessible to third parties such as payment gateway services, tracking software services, email subscription tools and even your digital or marketing vendors where they manage these services on your behalf
  • Make opting out or removal of content an easy process on digital assets

By following the steps above, you will help your business to improve the user experience of your website, as well as other digital services. You will also begin the process of exercising better governance standards in gaining consent and control of the personal information you capture through these channels.
