Questions

GDPR is almost here. We use: - Lead form to capture leads (name, email, project info, IP-not shown) - Google Analytics - Hubspot - Hotjar - FB Pixel Is it enough to: - create a "legal notice" indicating the tools used on our website, accessible from our website - create an internal document explaining where each data can be found (most of it is anonymous besides what is captured through the lead form) Do we need to do anything else? Like a "checkbox" on our lead form page about communicating the lead data to us, etc?

Of course, the first part of the process is to identify which personal information are you holding and for what purpose.

Based on that you'll have to do an impact assessment and map where all that info is going (I assume you use third parties like Google Apps or Dropbox). You need to collect Data Protection Agreements which should cover GDPR and of course update your privacy policy.

On the technical side, you need to have appropriate security for protecting such information (such using encryption in your laptop, or making sure you have "https" on you site when submitting information).

The process if of course, longer than that but that gives you an idea. Depending on your size it would be a good idea to bring an external consultant to help you with the process. The UK ICO has good information about you have to do.

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/


Answered 6 years ago

Unlock Startups Unlimited

Access 20,000+ Startup Experts, 650+ masterclass videos, 1,000+ in-depth guides, and all the software tools you need to launch and grow quickly.

Already a member? Sign in

Copyright © 2024 Startups.com LLC. All rights reserved.