Protect your business from GDPR violations with LEADman

A big motivating factor for the development of LEADman was to help our customers avoid GDPR fines for breaching the 8 basic rights that individuals have under the GDPR:

  1. The right to access.
  2. The right to be forgotten.
  3. The right to data portability.
  4. The right to be informed.
  5. The right to have information corrected.
  6. The right to restrict processing.
  7. The right to object.
  8. The right to be notified.

How does GDPR affect your business?

To protect the individual's rights to privacy, the EU brought into effect on May 25th, 2018, the General Data Protection Regulation (GDPR). The GDPR provides EU citizens with more control over their personal data and affects all organisations that do business with European customers.

If a Global aviation giant like British Airways can be fined £183.39M for infringing the GDPR by the ICO, albeit a portion of the BA GDPR fine was for a data breach, you can be sure that every business should address their website's GDPR policy sooner rather than later.

Information Commissioner Elizabeth Denham said:

People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.

The GDPR still allows you to collect personal data, kept as secure as possible, as long as the individual’s privacy rights are upheld and he or she has given their consent.

For example,

  • Under GDPR, an organisation cannot send hundreds of cold emails to potential customers without their consent.
  • Under GDPR, an organisation can no longer send a marketing email to someone who has opted out of receiving marketing messages.

GDPR is not about restricting data collection, but rather about privacy, security, transparency and ultimately, trust. The qualities all customers want from someone they do business with.

How does LEADman help you comply with GDPR?

The eight basic GDPR rights, mentioned above, fall into four main categories. You will remember from our previous post about LEADman that we use the mnemonic "Captain, Data Forgot the Phasers" to make them easy to recall:

  1. Consent
  2. Data access and portability
  3. The right to be forgotten
  4. Privacy policy

as long as the individual’s privacy rights are upheld and he or she has given their consent.

Your privacy policy already tells your users who your organisation's data controller is, it already tells them how to exercise their basic rights with regards the data you hold for them, but how do you obtain their consent when you capture a lead?

LEADman lets you display a GDPR consent check-box, along with a GDPR notice, for your site's visitors when you collect leads from your DOCman documents or Joomla articles. When the user has checked this box, you have their explicit consent to use their data in accordance with your privacy policy and terms and conditions, this is known as opt-in consent.

Administrator

Site

Data access and portability

the data subject should also be allowed to receive personal data concerning him or her which he or she has provided to a controller in a structured, commonly used, machine-readable and inter-operable format

LEADman's contact profile allows your contacts to view and manage their data without the need to create an account on your website. The contact can request a time-limited unique url that will give them access to a page on your Joomla website with the data that you collected from them. This addresses data access and combined with LEADman's trash-manager you're also ahead of the curve for data portability.

The right to be forgotten

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay

An individual's "right to be forgotten" means they should be able to have all of their personal data completely deleted from your system.

With LEADman's trash-manager your website's administrator can review all of the pending requests and ensure that the user's data is also removed from other systems, for instance the contact could be a site member or someone you've collected other personal data from through another Joomla extension.

Installing LOGman alongside LEADman activates the Activities menu in LEADman (all of our extensions are built to work together). From the Activities panel, you have access to all of the LEADman related activities that LOGman has logged, when coupled with LOGman notifications you can be certain that you'll never miss a GDPR related request.

Privacy policy

Transparency and informing the public about how their data are being used are two basic goals of the GDPR.

LEADman doesn't help you manage your site's privacy policy, that's something that's up to you. Your privacy policy should though include a note about what data you store and collect, but you should probably get your lawyer to check it over. Here's a great template that you can use if you don't already have a privacy policy or your privacy policy does not include information about the GDPR.

Generate GDPR compliant leads from your website

Is your lead generation strategy GDPR compliant? No? Then go ahead and try LEADman on our demo or download it from our Dashboard and take your first steps towards full GDPR compliance. Not yet a member? Get a subscription and start using LEADman today!

Download LEADman 1.2

Be the first to know about upcoming extensions, features, and news by following us on Twitter, Facebook or Linkedin

Written by

Waseem Sadiq

15 May 2020

Join 23000+ others and subscribe to our newsletter!