GDPR is almost here. We use: - Lead form to capture leads (name, email, project info, IP-not shown) - Google Analytics - Hubspot - Hotjar - FB Pixel Is it enough to: - create a "legal notice" indicating the tools used on our website, accessible from our website - create an internal document explaining where each data can be found (most of it is anonymous besides what is captured through the lead form) Do we need to do anything else? Like a "checkbox" on our lead form page about communicating the lead data to us, etc?
Of course, the first part of the process is to identify which personal information are you holding and for what purpose.
On the technical side, you need to have appropriate security for protecting such information (such using encryption in your laptop, or making sure you have "https" on you site when submitting information).
The process if of course, longer than that but that gives you an idea. Depending on your size it would be a good idea to bring an external consultant to help you with the process. The UK ICO has good information about you have to do.