No doubt by now you’ve heard of GDPR, the EU’s General Data Protection Regulation that takes effect on May 25, 2018. You may already be taking steps to ensure compliance with the legislation, or at least you have it on your radar.
As digital creative agencies, software companies, ecommerce providers, advertisers and more, digital shops are dealt a double dose of GDPR. Not only do we need to protect our own company and customers, we also need to sort out GDPR as it relates to our clients and projects. With all the primers, checklists, webinars and resources out there, it can be tough to say for sure what you should be doing, especially when things you hear conflict with other things you’ve been told.
Worry not, we’ll get through this together. A quick note: this information is intended as a resource, not legal advice. Be sure to discuss GDPR with your legal counsel to make sure you’re taking the appropriate steps to comply with the new legislation.
GDPR: Long Story Short
The GDPR is a European Union privacy law designed to protect the privacy and safety of EU citizens. As the BBC reports, the GDPR is designed to:
Require consent be “freely given, specific, informed and unambiguous.” No longer can consent be buried in lengthy terms and conditions.
Make it easier to find out what personal data organisations hold
Mandate companies report data security breaches
Increase fines for breaches to about £17.5m or 4% of global turnover, whichever is the greater
How Digital Shops Are Preparing for GDPR
Shops within the Bureau community tell us they’re reviewing and updating their processes, privacy policies and client agreements, and also reaching out to vendors to ensure compliance. Here are a few things shops can do to get ready for May 25th:
Update privacy policies: Rope in legal counsel to discuss and review privacy policy statements, working to remove legalese and make clear what data is being collected, how it’s being used and what rights people have to it.
Get ahead of data protection agreements: As one attorney within the community advised, "While privacy policies for your brochureware sites are important, I think the focus should be on getting out front with your clients in terms of the agreements they want you to sign, so that you aren’t being forced into overly broad Data Protection Agreements." (Again, just a resource, not legal counsel.)
Check in with CRM and email vendors: Make sure your partner companies are in compliance.
Revisit internal practices: Review how you are collecting and processing data to ensure you meet GDPR requirements.
GDPR Resources
Looking for more information? Here are some resources and tools shared by the community:
Share Your Story
How are you getting ready for GDPR? Share your insights and tell us what you’ve found to be the most challenging.