# New GDPR Regulations - Where to start to comply



## Jcwminiadventures (Dec 3, 2011)

It’s not a detailing business but I’m hoping anyone in the know could help a fledgling young business woman comply. I know it’s last minute but I’ve just been made aware this new law applies to every business so I need to get my skates on! The business is pretty new so I’m still learning & finding my feet. I’ve read tips etc about where to start but it’s still going over my head!

My website is created & platformed by Wix (domain is with Fasthosts) so I will be adjusting my contact form to comply/adding a consent option. For the few emails I have from previous contacts/jobs I’ll also be using a Wix form to gain consent.

My confusion still lies with how do you gain consent for mobile numbers & people that have only phone contacted you. Plus addresses of jobs to go to. 

Also seems to be a black area if I need to create a privacy policy & what that needs to include! 

Any help, tips & advice is gratefully received; as I’ve been employed most of my working life to date, this is all new.

Thanks in advance


----------



## WHIZZER (Oct 25, 2005)

If you need to collect anyone’s personal data :-
• Ask for permission stating the reason(s) you need it.
• If you don’t have permission don’t collect it.
• Only collect what you need.
• Only use it for the purpose(s) stated.
• While you’ve got it look after it.
• Keep it up to date and accurate.
• The data subject can withdraw their permission at any time.
• If you don’t need it any longer or permission is withdrawn get rid of it, SECURELY


----------



## djberney (Oct 2, 2016)

Don't get too tied up on the consent side. Whilst it is important, it is only one of the bases for processing. Some of your processing sounds like it is more likely to fall under the performance of a contract basis, as this includes prior to entering into the contract. If someone contacts you by phone to go out and look at a job then those details will fall into the 'prior to entering into a contract' part.
Whizzer's advice about only processing the minimum needed is great, and you should bear it in mind even under the other bases. This includes retention for only as long as necessary.
You need to come up with a privacy notice, possibly more than one, to cover who you are, what you process, how you process it and how long you are going to keep it.
It's obviously easier for bigger organisations to get specialists to do this, and there are plenty out there claiming to be, but just like detailing there are cowboys looking to make a buck who might not even do as good a job as you could do yourself with a bit of work.
Good luck with it.


----------



## mar00 (Jun 24, 2018)

as previous posts mention and spot on, it's not all about consent, you are responsible for all the data collected and stored, there are still lots of grey areas so don't worry too much, the main thing at the moment is that companies are making an effort to comply and working towards it fully,

from the website point of view, you need to state what is collected and how it's used and stored,

obvious one is the contact form and cookies,

others you may not realise could be things like Google Maps, social media widgets, Google Analytics, Google reCAPTCHA (basically anything Google),

if you use a payment gateway, customer data will be handled but depending on platform possibly no information is moved through or held on the site itself, you could have a link to their privacy policy,

Wix will probably collect data about visitors to your site too, link to their policy,

if you're looking at GDPR policies on other sites just remember they may not be optimised yet, as they are now supposed to be written in plain English too, not all the legal jargon,


----------

