
Spectre of data protection/GDPR. As a direct marketer, you have to keep this in mind!

Sebastian Terlunen

As a direct marketer, you collect a variety of data every day. To ensure data protection, you must therefore consider certain points when processing the data of your customers and employees, because the European General Data Protection Regulation (GDPR) has applied since 2018. In this blog post, find out exactly what you need to consider and how best to handle sensitive data.

The GDPR

The GDPR is binding for all companies within the EU and guarantees that a uniform level of data protection is maintained. The focus is on personal data, as it is particularly susceptible to data misuse. This personal data includes, for example, the customer's name, date of birth or IP address. According to Section 3 (1) of the Federal Data Protection Act, personal data is individual information about the personal or factual circumstances of a specific or identifiable natural person. Importantly, you may only collect this data from your customers if they have given their prior consent.

For you, this means that if you want to collect data that is not used for a contract, the customer must give you written consent. In addition, you must inform the customer of the exact reason for collecting, processing and using the data. The GDPR also states that you are only allowed to collect as little data as possible. For example, you need your customer's address to deliver goods, but not their date of birth. Another factor is purpose limitation (earmarking): you can only use your customers' data for the specified purpose. The stored data must always be correct in content and in fact, and you must ensure that it is always up to date.

To ensure data security, you must take all the technical and organizational measures that are necessary for this. For example, you have to protect your customers' data through encryption, password protection and access permissions. The data must be deleted when you no longer use it for the intended purpose. This also applies if consent is withdrawn. You should document that you comply with these requirements, because you must be able to prove at any time that you comply with the GDPR guidelines.

If you want to collect and process personal data, you need oral, written, or electronic consent from your customers. It is important that you state the purpose of processing as precisely as possible. You cannot request a single consent for all purposes, and it must be possible to withdraw consent at any time. Since you must be able to prove consent to data processing, it is best to obtain it in writing or electronically. Verbal consent is usually difficult to prove. If you obtain consent to data processing through a double opt-in, the box must not be automatically checked. A simple opt-in is not sufficient, as the email address may have been provided by an unauthorised third party.

When you share personal data with third parties, for example with an electronic payment service, you must ensure that the EU General Data Protection Regulation is also complied with there. You remain responsible for ensuring that everything is complied with. If more than nine employees in your company have access to personal data, you need a data protection officer. You must also treat the data of your employees and applicants just as carefully as the data of your customers. The same storage requirements and maximum storage periods apply here.

Tips for GDPR compliance

Create a list of processing activities. To do this, record exactly what personal data you collected when, how and for what purpose. In this way, you can better comply with the proof requirement. Develop a fixed process for the path that personal data goes through in your company. This should also be recorded in writing. It is best to create a list in which you document all processes associated with data processing.

Where do you collect data anyway as a direct marketer?

Sometimes you're not even aware of where you're collecting data. You collect data from customers, for example, via social networks such as Facebook or Instagram. Data is also collected on your website or in your web shop. Of course, data is also revealed when making payments, for example when paying by card. Personal data also plays a role in marketing. For a newsletter, you must therefore also obtain the consent of the customers.

How do I formulate consent?

Consent is the most important part of data protection law. Consent is absolutely necessary, especially when sending advertising by email or newsletter. It should be noted that any communication that serves to promote sales or to promote a company's image is advertising. For you, this means that you can only send advertising after an unequivocal declaration of intent. Consent from children under 16 years of age is no longer allowed under the new GDPR. For a newsletter, for example, only a double opt-in and a confirmed double opt-in are legally sufficient. With double opt-in, the customer subscribes to the newsletter by clicking on a confirmation link in a separate email after entering the email address. With confirmed double opt-in, the customer also receives a confirmation email.

Under data protection law, the declaration of consent must be clearly identifiable as such by the person concerned. It must be clear from the wording that the person consents to the collection and processing of data. A clear indication must be given that the declaration of consent is always submitted voluntarily. It is important that you clearly state for which purposes the data is used and that you also agree to it later on. Make sure that you always provide a complete legal notice both for newsletters and for your website/web shop.

Data protection on your website and in the web shop

As a website and web shop operator, you must explain to your users which personal data you collect, store and use. The most important part of data protection for websites and web shops is the privacy policy. Since your online shop usually collects significantly more data than your website, the privacy policy for your web shop is more extensive. So that orders can be placed online, your customers have to be able to enter certain personal data. During the ordering process, you can point out to your customers that data necessary for delivery and order processing will be passed on to third parties. You can also specify that data that is no longer required is automatically deleted.

When integrating social network tools, a lot of data is transmitted from the shop to the operator of the respective service. Almost all online shops use tools such as Google Analytics, Etracker or Piwik to analyze user behavior. Since personal data is often evaluated for this purpose (IP address, customer data, email address), you must inform your customers about this and other rights, such as a right of objection, in the privacy policy. It is very important that you pay attention to these requirements, otherwise you could face heavy fines.

With FrachtPilot, you're on the safe side, of course! The online shop by FrachtPilot provides you with all the necessary basics so that you can create a legally compliant online shop with all the necessary information in just a few minutes.

FrachtPilot also supports you in all the other work steps involved in your regional direct marketing. With FrachtPilot, you can get started right away. As an innovative software, we place particular value on simple and efficient operation. All of your work steps are digitally supported, whether it is orders placed via web shop / mobile app, inventory management, route planning, renditions or reckoning.