GDPR (General Data Protection Regulation) is European legislation that will affect many freelancers. If you do business with any citizen in Europe and collect any of their data then this is relevant to you. Here at Freelance Heroes we are passionate about supporting freelancers and doing what we can to make life a little less complicated (the freelance lifestyle is rarely simple after all)! So with that in mind we recently held an event in our Facebook group where we invited a panel of experts to answer the burning questions that were on the minds of freelancers in our community.
In this post we will use the main findings of the discussion to identify the first steps you need to take to ensure you are compliant with GDPR.
Remember, don’t panic: these regulations won’t have a huge impact on freelancers, but if you do collect or keep details of customers or prospects then you may need to make small changes to your data collection and handling.
7 Steps to take
- The first step is to become aware. If you have any team members who handle data then it is also important to make sure they are aware of the new regulations and the steps you are taking to meet compliance.
- Before you can make any changes, it is advisable to understand what data you already hold. Consider how you use this data and why you have it in the first place. Also think about how long you tend to keep information for and who you share it with. This data inventory allows you to recognise the next steps you need to take to ensure GDPR compliance. If you recognise you have any data you no longer use then this is a valid opportunity to delete it.
- Along with auditing the data you have, look at your privacy policy and, if you don’t have one, look into putting one in place that can be easily accessed by your customers. This should include an explanation of why you collect data, where it will be and what you plan on doing with it. If you hold it within third party data processing sites then this needs to be clearly specified and you will need to check that these providers are GDPR compliant.
- GDPR covers individual rights. This includes the right to request you delete any data you hold on them. This is probably unlikely for a freelancer but if this were to occur you need to ensure you have a strategy in place to effectively delete information if required. The GDPR also strengthens the subject’s right to request a copy of the information that you hold on them. If a request is submitted, you now need to make sure you can comply and provide it within 30 days. Having awareness of this and a simple plan in place ensures compliance.
- It is also important to clarify consent. Make sure you have a clear procedure in place to prove that those on your data list have given consent to be there. If you are collecting data via a sign up form then adding a simple consent box will suffice.
For those already on a list you can show that you have a ‘legitimate interest’ to market to them because you have had on-going contact and they have had opportunities to unsubscribe but have chosen to remain.
- Consider if you can verify the age of new sign ups or if you need a guardian’s consent too.
- One area that will definitely be relevant to freelancers is the protection they have in place to manage data breaches. You don’t have to be a big multi-national company to be a victim of hacking. Think about how you protect the data and what your procedure would be if you did experience a breach. If this did occur, informing those whose data has become compromised is essential under the new GDPR.
We want to extend a huge thank you to our panel of experts for the support they provided our community. If you have any further questions, please feel free to add them in our comments. Don’t forget to come and join us in our Facebook group so you can be there live and be part of our freelance family.