When you have gone through your Client, Staff and Third Party dossiers on GDPRWise, we recommend the steps below to put your hard work to good use!
- Have a colleague review the content in your dossiers to make sure they accurately reflect how your firm handles personal data.
- GDPR requires that privacy-related queries go through a privacy-specific communication channel, so it is best to create a privacy@yourcompany mailbox alias. Once the alias has been set up, let GDPRWise know by recording it on the My Company > Details screen in the Privacy mailbox section. This ensures that the privacy policy GDPRWise generates includes this privacy e-mail address instead of the e-mail address of your privacy coordinator.
You are now ready to generate your GDPR documents:
- Generate your Customer Privacy Policy from the GDPR Documents screen and download the RAW HTML version so that it can be incorporated into the CMS of your website. Please keep the footer referring to GDPRWise so your clients can see that you were assisted by professionals.
- Make sure you refer to your privacy policy in ALL your communications:
  - On your website, your privacy policy should be available on all pages, so the best place to put it is in your footer.
  - Your emails should always have a footer that refers to your privacy policy. You can use this email footer template as a starting point.
  - Your newsletter must refer to your privacy policy in addition to having an opt-out option.
  - Your social media pages should refer to your privacy policy, e.g. in the About section.
  - Marketing materials in digital and print should also refer to your privacy policy.
- If you have Terms & Conditions, please make reference to your privacy policy, as safeguarding the privacy of those you interact with is a core aspect of the way you operate.
- It is advisable to inform all your customers via a mailing that your privacy policy has been updated. That way, nobody can claim afterwards that they were not aware of it. This is also a good moment to emphasise that you are a privacy-conscious firm. There is no need to ask for consent to do this mailing as you are only emailing existing customers.
- If your staff dossier has processes, generate your Staff Privacy Policy from the GDPR Documents screen and download the PDF version. Forward this to each of your employees to inform them that your privacy policy regarding their personal data has changed. Going forward, we advise you to include the PDF as an appendix to your staff contracts.
- Download your GDPR register from the GDPR Documents screen and keep it somewhere safe. You will need this document when the regulator asks for it.
- You should also train those colleagues who are customer-facing or staff-facing. Check out our YouTube channel for our training videos. If you need any help, do reach out for more information.
- With regard to security, it is advisable to do a regular review. Our knowledge base gives you advice on this: Data Security – what to consider.
- Your “data subjects” have rights, e.g. the right of access, so your firm should have the appropriate processes in place. The privacy mailbox you set up earlier can act as the go-to point for these requests. For each request received, you should respond promptly and act according to the rules set out. Do consult our knowledge base on the Data Subject Requests topic.