+44(0)1268 906092 Website specialists

Making DTL, GDPR compliant is the subject of this blog post. Firstly we put together a project plan for what needed to be undertaken, and over the last few days we’ve been working through this and carrying out an number of actions to make sure our business and website is GDPR compliant.

The plan to make DTL GDPR compliant

What follows is the current initial plan.

  1. Information audit
  2. Map data flows, in, within and out
  3. Review privacy policies
  4. Mailing list consent historic review
  5. Cookies consent
  6. Mailing list current consent process
  7. Notify customers and suppliers of latest terms & conditions, and privacy policy
  8. Write data retention policy
  9. And, make sure all personal data stored and transported with appropriate level of security

Steps taken so far

  1. First we created a Trello board called ‘GDPR Project – DTL.
  2. Then we created cards for all the above activities.
  3. And we then did an information audit, we reviewed and documented all the personal data currently held, the source of the data, whether it is shared, how it’s stored, and what information is stored. We then did a detailed analysis of in the few occasions where data is shared, we analysed how it was shared and documented this.
  4. We separated the the data flow mapping into three cards: in, within, and out
  5. For data in, we looked at the data sources, and the risks associated with the transport of this data into DTL
  6. The data out analysis, saw that we looked at any data leaving DTL and it’s destination, and any risks associated with this transportation or future storage.
  7. For data within, we looked at where data is stored. And where it potentially could be shared or transported within DTL. Then any associated risks.
  8. From the above data analysis there were a couple of action points, including removing sharing of invoices to someone who used to do bookkeeping for the company.

And more steps !

  1. We used a privacy statement toolkit here: https://s3-eu-west-1.amazonaws.com/wewillthrive/GDPR-Privacy-Notice-Toolkit.docx?mtime=20180201162457 and all the information gathered with the data mapping to write a new privacy policy for DTL.
  2. And also, we have begun analysis of our mailing list (we only have one – for newsletters). Our focus is, looking into the consent model historically and going forward. There will be more information on this to follow (see next steps).
  3. Cookies consent – we have added links to cookie information, and added a cookie popin that requires people to accept our use of cookies before proceeding to view the site. We also did a cookie analysis of the site, which we may be taking action(s) on. You can see the new popin if you visit the site for the first time on a new device.
  4. We have sent out a notification to our customers via email informing them of our new terms and conditions and privacy policy.
  5. We’ve revised our contact form to explicitly ask people to review and opt into our privacy policy see here.

Next steps to make DTL GDPR compliant

Work out what we are going to do with our mailing list, and whether we need a dedicated mailing list for customers and suppliers.

  • We shall review current cookie usage of the DTL site, and we shall see if any of the cookies can be removed from the site (e.g. shopping cart cookies, as we no longer an ecommerce store).
  • Send a note to all our suppliers letting them know our revised terms and conditions and privacy policy.
  • We need to write a data retention policy.
  • We need to review and make sure all personal data stored and transported with appropriate level of security. Also potentially we may write a policy on this.

Please do get in contact if you would like any assistance with the above. We can help with making your website GDPR compliant.