This guide is about creating online products that sell leads. In order to design and market these products in compliance with the GDPR, we have defined the following points in cooperation with our legal team. Please note these carefully to ensure that the rights of data subjects are protected and that your product complies with the legal requirements.
1. Consent of the data subjects
Steps for obtaining and proving consent:
Create consent forms: Create clear and understandable consent forms that explain the purpose of data collection and processing.
Obtain consent: Explicit consent must be obtained from the data subject before processing personal data. This can be done by ticking a box, a signature or by express consent in electronic form.
Proof of consent: Document the consent process carefully. Store proof of consent in a secure database so that it can be presented if required.
2. Transparency
Steps to ensure transparency:
Privacy policy: create and publish an easily accessible privacy policy on your website. This should include:
Who collects the data (name and contact information of the company)
The purpose for which the data is collected and processed
To whom the data is passed on
The rights of the data subjects (e.g. right of access, right to rectification, erasure, data portability)
Communicate consent processes clearly: Make sure data subjects understand what they are authorizing with their consent. Use simple and clear language.
Right of withdrawal: Inform users that they can withdraw their consent at any time and explain the process for doing so.
3. Purpose limitation
Steps to comply with purpose limitation:
Purpose specification: Clearly define the purpose for which the personal data is collected. Ensure that this purpose is stated in the declaration of consent.
Purpose limitation: Use the collected data exclusively for the stated purpose. If a new use of the data is planned, obtain new consent from the data subjects.
Data minimization: Only collect and process the data that is absolutely necessary for the stated purpose.
4. Data security
Steps to ensure data security:
Implement security measures: Use technical and organizational measures to protect the data from unauthorized access, loss or destruction. These include:
Encryption of data during transmission and storage
Use of firewalls and antivirus software
Regular security updates and checks
Access controls: Ensure that only authorized employees have access to personal data.
Report data breaches: Implement a process to quickly detect and report data breaches to the relevant supervisory authority and data subjects.
5. Documentation
Steps to document data protection measures:
Consent documentation: maintain a record of consents that includes the details of the consent (date, purpose, scope) and the identity of the data subject.
Record of processing activities: Create and maintain a record of all processing activities that meets the requirements of the GDPR.
Evidence of compliance: Document all measures taken to comply with the GDPR, including training, data protection policies and risk assessments carried out.
Concluding remarks
By carefully following and implementing these steps, you can ensure that your online product where leads are sold complies with the requirements of the GDPR and that the rights of data subjects are protected.