Proposal to make webpage GDPR Compliant
All the work has to be done on the 4 versions of the site (4 languages):
.com | .com/es | .com/pt | .com/de
Scope of work
2) Opt-in Forms: All the blog forms have to be made opt-in and double opt-in
3) Template modification and creation:
- 1 new 'commercial' template for mail -> This one has logo, responsive design, colors etc (clean but good looking)
- 1 new 'personal' template for emails -> This one should look like a personal email (clean, no logo, good signature, no extra design or formatting).
Then transfer all the existing automation emails to use one of these new templates and make sure the emails are GDPR compliant.
4) Data Transfer disclosure
- Keep an eye on personal data transfers. Make sure that the data processors ask for approval whenever they intend to transfer data outside the EU/EEA. The same rules apply when the data processors intend to subcontract part of the services they provide.
5) Data Protection Impact Assessments
6) Consent has to be obtained from the old customer base through an e-mail campaign
7) As of now, once a customer comes to our site, we start recording their behavior on the site (cookies). This has to be stopped. We will start using cookies only once they give consent.
8) One additional piece of work will be done: blog subscribers should have the option to pick their email frequency: instant notification, monthly notification or weekly notification
Some concern was raised about how long customer data can be kept:
Our advice: As long as required
Ref GDPR: Article 5 (1) 'b' and 'e' (The emphasis under the GDPR is data minimization, both in terms of the volume of data stored on individuals and how long it's retained. To summarise the legal requirements, Article 5 (1) (e) of the GDPR states personal data shall be kept for no longer than is necessary for the purposes for which it is being processed.)