Making DTL GDPR compliant is the subject of this blog post. First we put together a project plan for what needed to be undertaken, and over the last few days we have been working through it and carrying out a number of actions to make sure our business and website are GDPR compliant.
The plan to make DTL GDPR compliant
What follows is the initial plan as it currently stands.
- Information audit
- Map data flows, in, within and out
- Review privacy policies
- Mailing list consent historic review
- Cookies consent
- Mailing list current consent process
- Write data retention policy
- Make sure all personal data is stored and transported with an appropriate level of security
Steps taken so far
- First we created a Trello board called ‘GDPR Project – DTL’.
- Then we created cards for all the above activities.
- We then did an information audit: we reviewed and documented all the personal data currently held, the source of the data, whether it is shared, how it is stored, and what information is stored. For the few occasions where data is shared, we analysed in detail how it was shared and documented this.
- We separated the data flow mapping into three cards: in, within, and out.
- For data in, we looked at the data sources and the risks associated with the transport of this data into DTL.
- For data out, we looked at any data leaving DTL, its destination, and any risks associated with this transportation or future storage.
- For data within, we looked at where data is stored, where it could potentially be shared or transported within DTL, and any associated risks.
- The above data analysis produced a couple of action points, including stopping the sharing of invoices with someone who used to do bookkeeping for the company.
And more steps!
- We have also begun analysing our mailing list (we only have one – for newsletters). Our focus is on the consent model, both historically and going forward. There will be more information on this to follow (see next steps).
Next steps to make DTL GDPR compliant
- Work out what we are going to do with our mailing list, and whether we need a dedicated mailing list for customers and suppliers.
- We shall review the current cookie usage of the DTL site and see whether any of the cookies can be removed (e.g. shopping cart cookies, as we are no longer an ecommerce store).
- We need to write a data retention policy.
- We need to review all personal data and make sure it is stored and transported with an appropriate level of security. We may also write a policy on this.
Please do get in contact if you would like any assistance with the above. We can help with making your website GDPR compliant.