Originally written by Anna Jordan on Small Business
When you’re setting up your business website, checking that you’re GDPR compliant may be lower down on your list of priorities.
However, even as a one-person operation, you must be in line with the law – or else you could be slapped with a serious fine.
We want to take the intimidation out of the process by guiding you through these nine steps to GDPR compliance for your new site.
1. Establish where your data comes from and how to handle it
As a quick reminder, personal data is defined as any information which can be used directly or indirectly to identify a person. It could be a name, photo, email address, bank details, medical information, computer IP address, cookies or social media posts.
Your starting point is to know where data comes from and what you do with it. Data can be collected through Google Analytics and GPS location trackers as well as through email sign-ups. Next, pinpoint where the information is stored and who can access it.
Work out your procedures for:
Proving someone has given you consent
What to do if someone wants their data to be erased
What to do if you suffer a data breach
At this point,