Here we are on Part III and I'm wondering if this series will ever end...? I'll try and wrap it up in 2 more parts. Things like this can be overwhelming so I don't want you to have a 93,938-word post to attempt to digest in one sitting.
I also don't want to continuously repeat what others are saying on this topic, but other than a few outlets, I literally have not seen a single other person bring up LGPD, and no one in the small-business realm. I realized that it's b/c there are not any other compliance-specific businesses out there for entrepreneurs/small businesses - which is the exact reason I started Complianceology and Urban Consulting. Others have talked about GDPR, CCPA, and things like that b/c they were more widely covered, but that was not their specific area of expertise so obviously there will be crickets in other areas.
So while you should keep following the other legal experts, clearly you are in the right place for compliance-specific topics that are not in their niche. But, I'm happy you're here and I can 100% say you are in the right place to stay properly informed and protect your business.
Back to the show...
This is also the perfect time to see if there are any third-party apps you are not using anymore that you can remove from your website.
You just need the highlights as you are gathering this information -- you don't need the how or why. All policies have to have a section saying "We collect the following" (everyone will word this differently, but you're looking for something along those lines). Now write out that information and keep it handy. I'll tell you what to do next week b/c this project may take you a hot minute (30 min to 1 hr max for most of us) depending on how many third-party apps you have installed.
Let's talk quickly about data breaches - GDPR requires you to notify your website visitors and the local protection authority of a data breach within 72 hours of you knowing. LGPD states that notification must be submitted in a "reasonable" timeframe. Ermmmm, okay. Since LGPD and GDPR are similar in a lot of areas, I would simply assume you should report a breach within 72 hours or one week, max. The longer you wait, the worse it could (and will) get.
But how do I know if my website had a data breach, you ask? My go-to is Google's Transparency Report - you type in your URL and it will tell you what, if any, security issues your site has.
Your host will typically notify you of a breach as well.
We know that LGPD (and GDPR) is "technology-blind," meaning privacy of personal information also applies to any physical documents you keep with sensitive information on them. So if you are robbed and contracts or payment authorization forms are stolen from your office, that is considered a breach.
Read more about keeping your customer's information safe in your home office here.
>> This post is informational and educational only and is not legal advice, nor does it create a consultant-client relationship. Please consult your legal counsel for further guidance on this topic. <<