GDPR is here.
It’s not often that new regulations make such waves.
But everyone’s talking about this one, and if you’re subscribed to even the odd email newsletter, chances are you’ve recently received a deluge of emails with updated privacy policies.
If you’re anything like me, you’ve been straight up ignoring these – regulations, privacy policies, acronyms… They aren’t exactly the most exciting of topics.
But as a freelancer, you’re running a business – which means this new regulation might affect you and there are certain things you’ll need to do to comply.
Don’t worry – I’ll make it quick and (relatively) painless…
The EU General Data Protection Regulation (GDPR), which came into effect on May 25th, 2018, is designed to standardise data privacy laws across Europe and protect individuals’ data privacy.
And while your business may not be operating in the EU, if you handle personal or sensitive data of EU citizens (like contact information, IP addresses, or credit card numbers), you’ll need to comply with the new rules.
It’s a pretty complex law, but these are the main concepts:
Businesses who don’t comply with the laws could be subject to large fines. In fact, despite spending 18 months preparing for GDPR, Facebook was pummelled with a $4.5B lawsuit on day 1, and complaints have been filed against Google, Instagram and WhatsApp too.
Time to make sure you’re safe!
Let me start by saying I am definitely not a lawyer, so please don’t take this as legal advice and talk to your lawyer to discuss how the new laws will apply to you specifically.
Keep in mind that you only need to comply with these laws for users from the European Union, so you could separate out users from within the EU and deliver a GDPR-compliant experience for them if you think these actions would limit your marketing to people from other countries.
If you do any kind of email marketing or collect email addresses for a newsletter, you’ll need to review how you’re gathering, using and storing that data.
Under GDPR, you must use a tick box for people to give their consent for you to keep their data, and it can’t be pre-ticked. It must be a positive opt-in too – so you can’t ask people to ‘tick here if you don’t want to be on the email list’.
Especially if you might not have a checkbox somewhere, make sure to have double opt-in active for your newsletter. This means people who subscribe to your list receive a confirmation email, where they’ll need to click a link to verify their email address. Consent is a big part of the regulation, and this is the best way to prove that people on your mailing list gave their permission to be on it.
If you use Mailchimp, this is likely already set up, as they make double opt-in standard now. They also offer GDPR-friendly forms. If you use a different mailing software, it’s worth checking their specific advice too.
Under the new regulations, you need to make sure it’s clear to users what they are signing up for. Be specific about what communication they’ll receive from you.
All of your emails should have a clear unsubscribe button, and you must be able to delete all of a user’s personal information on request.
Once you’ve collected people’s emails or other data, it’s then essential that you store it in a secure way. There are some general precautions you should take to keep your data secure (like protecting against viruses), as well as some more extreme steps you can take if you want to be doubly sure.
Security of data needs to be a top priority; this means ensuring you have adequate protection from malware and viruses.
The beauty of being a freelancer is that often, you can work from anywhere. But if you’re working from public WiFi in your local Starbucks, you’re much more susceptible to data being intercepted. Make sure you use a private, encrypted network.
There’s nothing worse than losing your laptop or memory stick – especially when it’s full of your life’s work. Secure backups are just good practice for a freelancer, but they’re also crucial if you hope to comply with data breach reporting and notification requirements of the GDPR. You are required to notify anyone whose data may have been compromised as part of a breach – something which would be pretty difficult without a backup.
While we’re on the subject, if your device is lost or stolen, you need to make sure any data on there is secure. Password protecting your devices is not enough – the data could easily be transferred to another machine and read. Conduct a complete audit of all devices used to store client information and ensure they’re secure and encrypted – typically your computer, phone, or hard drive. It’s also a good time to securely delete any documents you no longer need to keep.
If you use Google Analytics to track traffic to your site, you may have already seen a notice pop up in the header bar at the top of your analytics account. Make sure you check your settings and accept the terms of service.
It’s also good to know that under GDPR you’re allowed to keep data if you need it for legal or accounting reasons. This means that things like contracts, signed proposals and invoices can be kept for multiple years if necessary (and required by your local laws for audits on financial or other records), even if your client asks you to delete their data.
These laws are already in effect, so get straight on to ensuring you’re compliant. You’ll feel better once it’s done… and then you can get back to doing the fun stuff.