Content Snare and GDPR

Ah, GDPR. My least favourite four letter word.

As you’d expect, this is been a big part of our internal chats between our team, lawyers and the online community in general.

First things first…

This is not legal advice. You will almost definitely need to consult a lawyer to determine what you need to do to be GDPR compliant, and to determine if the GDPR even applies to you.

What is the GDPR?

Ha, just kidding. I’m not doing this again. It’s been covered pretty much everywhere.

It applies to everyone a little differently – there’s no “one size fits all” solution to what you need to do to be compliant.

Here, I’m going to focus on your use of Content Snare, the steps we’re taking and the the steps you’ll need to take.

Content Snare and GDPR

There’s two parts to this. When you sign up for Content Snare we collect some of your personal details. For this, we are the data controller.

The second piece is if you use Content Snare to collect personal data from your clients. For this, you are the data controller, and Content Snare is the data processor.

Your Personal Data

At the time of writing, the personal data we collect from you is a name and email. This information also gets sent to third parties who are also taking steps to become GDPR compliant. These are all listed out in the new DPA.

Right now, these third parties are used for app hosting, support, understanding how people are using the app (this data is anonymised), for billing/invoicing and referral tracking.

The most important things to note is that the Privacy Policy and Terms of Service/EULA have been updated. You will need to agree to these to use Content Snare.

Before the GDPR goes live, we’ll also be adding a consent checkbox for marketing emails on signup to the app.

Your Client’s Data

As a content and information collection tool, you may wish to use Content Snare to collect just about anything from your clients.

Now, it gets a bit more complicated when you are requesting personal data from your clients.

First, you need to understand what personal and sensitive data is as defined by the GDPR. You should check the GDPR itself for this.

In a nutshell, personal data can be anything that can be used to identify a person. So emails, names, IP addresses and much more.

Sensitive data may include data about health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation or criminal history.

We’ve updated the Terms of Service to forbid the collection of all sensitive data.

To collect personal data from your clients, you will need to agree to the Data Processing Agreement.

Consent for collecting personal data

If you are collecting personal data from clients, you’ll need to ask for consent to process their data. Note that even just storage is a form of processing.

If you are collecting website info, you might ask for a phone number, email address and other contact info. Whether or not this will end up on a public website, it is still personal data and should be treated as such.

You need to keep records and proof that your client gave you consent.

If you are using Content Snare to ask for consent, you could set up a section at the beginning of a request that looks something like this.

In short – it’s their name, a checkbox with your required GDPR wording and a date. Once the client has “completed” the info, you can “approve” it which means the date cannot be changed. If your client wants to withdraw consent, they can do so by contacting you directly. You should provide instructions on how to do this.

Eventually, Content Snare will have an audit trail to show when fields are changed, and by who. At this point, the date field will not be necessary as it will show in the logs.

Finally, if you are collecting personal data and sharing requests using a link (not requiring a login), it would be a good idea to protect it with a PIN. You can set this when sharing your request.

Consent for email follow ups

This is something you will need to consult a lawyer on for your particular circumstances.

If you are building websites, it is arguable that email reminders to your clients are a “legitimate concern” of yours and are in the best interests of your clients (so that you can complete their website).

I would recommend completing a “legitimate interests assessment” and store this away in case you ever need documentation to show during an audit.

If the follow ups do not form a legitimate concern and you need to get consent, you can add a checkbox to get consent. Only after that is selected should you enable follow ups for that request.

GDPR Resources

  • GDPR Checklist – this is a third party and requires an opt in. This is a great resource that has helped me immensely. There is an upgrade to buy the actual documents you can use.
  • GDPR for websites – an Agency Trailblazer episode specific to agencies
  • Using CRMs and the GDPR – by SalesFlare

James Rose

James is the co-founder of Content Snare and Aktura Technology. Once a web designer, his new priority is to help web designers and developers regain their lives, work less and get better clients.

He does this by writing helpful posts, building software and working with web designers to deliver the complex web development that they don't normally handle.

Get James' agency toolkit to discover the best tools and resources for creative and digital agencies

Get help, totally free

Have questions about getting more clients, the best hosting, building sites faster or just need a shoulder to cry on? Come join us in the group, hang out and get answers.

Are your clients taking forever to send you content?

Content Snare helps digital agencies get website & marketing content from their clients on time, in the right format, without email

A free weekly email with amazing resources to help you grow your web agency

Thanks for all the great insights and tools. There are not too many people I take notice of when they post stuff. Thank you.

Daniel Doherty
Content Kitchen

  • Tips on how to get more leads and convert them to sales
  • Best tools to use in your business
  • Improve your processes to get more time and have a life again

Learn More

x
0 Shares
Share
Tweet
Share