GDPR Compliance and Best Practices
Three suggested steps to get you started:
- Inform your visitors and get their consent. Whenever you need to collect data from a user, make sure to clearly state, among other things, why you need it, what you plan to use the data for, whether it may be shared and with whom, and the lawful basis on which you are relying to collect such data. For example, if you have a newsletter or mailing list, make sure that the purpose of your sign-up form is very obvious so visitors know what they are signing up for.
- Evaluate third-party apps and vendors for compliance. If you are using any third-party services to gather or process customer data (Shopify, eTower), you will need to check with those companies to verify they are GDPR compliant and will assist you with, among other things, users’ data removal and portability requests.
Please note that the information provided herein is for general informational purposes only and does not constitute legal advice; it has not been prepared with your specific circumstances in mind and therefore may not be suitable for use in your business. By relying on the information contained in this blog post, our FAQ, and policy generator, you assume all risk and liability that may result.