At last, I finally get it. No legal jargon. No meaningless fluffy overviews. Just the practical steps, in real terms, of what I need to do to be GDPR compliant. Brilliant! Thank you sooooooo much. Have shared on Facebook with all my friends and business owners.

As a web developer I have watched 6 videos this morning trying to get an understanding of GDPR. This is by far the best one.

Amazing information. Thanks so much, Digitool! First-time viewer and just subscribed, so enjoy your happy dance, Daisy!

Is amazing always following 😊

This has been more informative that the hour long webinar I did today. Thank you!

Thank you so much for this useful guide! I have been researching for weeks and it's lovely to see it all put together in tips like this. Clear and easy to understand. Very much appreciated from a small business owner! :)

You got a true follower. Best content on GDPR so far. Thanks a lot sharing with us.

terima kasih banyak atas panduan yg anda berikan semoga menjadi ilmu yg bermanfaat bagi saya

best video on gdpr so far, with just the right amount of details

Very helpful to understand ...GDPR. Thank you!!

Absolutely superb. Easy to understand with no Jargon. As a very small business i am now confident that i can meet all GDPR principles. Thank you very much.

This was very useful! Thank you for sharing all this info:)

GDPR was confusing for me but your explanation made it easy to understand and to act upon. Definitely, one of the best explanations I came across ever.

Great work, really. Within my research for GDPR, this was the 1st video that was not just saying a few (general and confusing) things about GDPR, only to continue with promoting a product or service. Many thanks ..

Love it, people are literally being SCARED out of business because of this stuff, you make it all sound simple which is GREAT! Shared your video with my 18,000+ FB group members just now to help them (and you) out :) Thanks!

Excellent job, Daisy! After reading so many articles that only left me with more questions, this video made everything about GDPR "click".

I was wondering what GDPR actually was. 13 minutes later, with simple and clear words ..I really feel I do. That was brilliant. Summing up all this in such a short time, making it understandable by anyone. Great work there !

very detailed and informative! thanks for this! SUBSCRIBED :)

GDPR is a goldmine for we folks doing website maintenance. Keep it coming :)

Very nicely explained. Useful video. Many thanks.

Thanks this has saved me as I love watching videos instead doing all the reading to research what I need to do. You are very good at this. It is clear, well thought out, easy to understand, helpful and super informative. I feel really confident about what to do so thanks again.

Thank You Digitool for putting together this great video for all of us that are still currently baffled by what to do next to prepare for GDPR! The video really brought back memories of when I was a Health and Safety Officer in corporate retail! The terms are different, but the logic and processes are basically congruent with each other. The amount of clarity you shed light on is incredible, and I absolutely love the small Q&A for real business situations! I've shared the video on my FB and LinkedIn, I'll be sure to target any further questions back to your site. Thanks again for the awesome video!

Very helpful, thanks for sharing

Thank you for this helpful video on GDPR!

You are awesome for taking this awful big information of gdpr and compressing it into a 13 min video... Thank you very much U helped a looooooot

Thank you! this was a big help!

Excellent presentation of GDPR overview. You made it look simple and enjoyable.

Great video and tips, tks! Not sure if you are aware of, GDPR rules in Brazil will be effective on February 16, 2020. Basically, it is a ctrl C/ctrl V version of the EU GDPR rules, so we are trying to understand it from the very beginning.

#GDPR is all about assessing the risk to data subjects. GDPR compliance is a continuous process. The worst thing organisations can do is not do anything at all! Good points raised in this video! However, it is the ICO (Information Commisioner's Office) that is the supervisory authority (SA) in the UK. They investigate GDPR compliance. ICO guidance and advice is the best to follow. (2:08)

Thanks for the easy to understand explanation and list, best one i've seen all day :)

Great structure of content throughout the video.

Best GDPR explanation in the shortest possible time! Great Job Daisy! 👍

A super explanation. very succinct. thanks

I found this video very helpful. thank you very much

Excellent video. We are a small business and make print hard copies of the customer invoices, dispatch notes etc for accounting and audit purposes , under the new laws are we allowed to store these records and is there anything that we should be mindful of when maintaining these hard copy records . We also store the customer/ supplier details in our computers and servers should they be stored with password protection

This has been so informative on GDPR than any that i have yet to come across :-)

Really helpful, thanks.

Do employers need to take and document consent for obtaining personal data from potential candidate for employment ? (refer Article 9 of GDPR). Can you lease guide.

Thanks for the 10 useful tips given in the video.

So I have a phone book Yellow Pages which has details of suppliers that I might use. Do I need to inform plumbers and electricians that I have their phone No. in my records?

Great video! You explained the law very well.

this was useful - thanks :-)

Question. Lets say i went on holiday. and i happen to take loads of photos and videos in public areas. when people walk around. it happens i would have collected so many different people's data, their face information etc. and if i am to post videos of scenes where you can see someone's face. loads of random face walking around. is there anything i need to do on my side? and its not for any business purposes.

just liked and subscribed. great tips.

excellent. the best overview explanation I've seen!! super clear and enjoyable to watch. thank you!

Interesting and informative. I work with a charitable foundation and keep information on our volunteers. These are not employees and they don't sell anything. We also have patients that we deal with . It would be interesting to know what to do about their records.

9:55 In case of buying data containing personal information, shouldn't data subject be informed about purchasing party's data policy and give them a constent of storing and processing that data? I doubt whether selling's party compliance with GDPR is sufficient to buy this data. The purchasing party is required to comply too, hence be able to provide the evidence that data subjects were informed about the purpose of storing and processing their personal information by the purchasing party and gave their consent for it as well.

I work for a business that sells home improvements, the data we have is used for guarantees, our guarantee is 10 years so we keep data for that long we also keep limited data to prove when the guarantee has ended, can someone ask for that data to be deleted? If so how do we prove when products were installed????

Well done. Learn so much about GDPR in a short time frame. Thanks!

excellent explanation

Daisy, thank you for inviting us to post questions. I do have one. I own a small company, that provides services to "Individual Professionals" (like a lawyer, or engineer) and "Companies" ONLY. I am talking about "Legal Entities" with Tax books, that must provide their VAT number, in order to accept an Invoice (not a simple Receipt). I have nothing to do with Retail market, I cannot sell anything to a "Person" (my Tax books, do not allow me to). The only data I keep about my Customers & Suppliers, is their "Tax data", the ones needed to issue or accept an invoice. The only "persons" I communicate with, are the employees of my Suppliers and the employees of my Business Customers (companies). The only data I have about them, is what is usually written in their Email signature (like Name, Job title, Email, Phone, Work address). The only way I use their data, is to communicate with them. I do no marketing at all, I do not collect any data from any source, I do not give any person's data to anybody. The ONLY "person" I deal with, is my 1 employee. His data, are provided only to my company's accountant. SO, the question is: Does GDPR "touches" my company ? Thank you.

Very useful, but I have one question. What is the situation regarding invoice and transaction data in e-commerce? The obligation to keep these records for the tax authorities to inspect seems to conflict with the "right to delete". If a customer comes to me and demands that I delete all her invoices which government department wins or do they both fine me?

Very clear explanation!

is it mandatory to show the Privacy Policy on the navigation bar? i mean, what if your site does not have a navigation bar at all?

Excellent explanation! Thank you

What would you say about Oracle web site where you need to click through several dialogs so select only the very limited cookies required by the web site? I don't think it can count as easy and clear.

Clear video with good advice, thank you

Very thorough. Thanks.

Thank You Very Much

Hi, your tips are perfect! We're going to follow your checklist on our websites! Can you please tell me, do we need to make the same if we have an app in AppStore? We don't collect names and emails but we definitely use some ads and analytics tools....

This is really helpful, summarizes the concept and tips are great as well.

Succinct and clear. Thanks.

Wow fantastic presentation we are undertaking a GDPR review with Deloitte but your explanation and examples are great.

Tip 6 depends on who is collecting your data and for what reason, if you have entered into a contract with a financial services firm, they would normally need to hold onto the information for at least 6 years (for some pension transfers for your whole life), so that they can defend themselves against a claim for financial mis-selling. The law may also instruct the firm to hold onto personal data, such as HMRC etc. So the answer is no, there is no blanket requirement for a company to destroy your personal data. If depends.....

Is it okay to force user to accept terms & Condition /privacy policy? I mean not allowing to use the services unless they accept their privacy policy ?

This is a brilliant video, thanks for taking the time to create it.

What about cold contacts? We are a small agency and we don't own large databases to invite people to our events?

thanks for summarizing it

Thank you for this video. Any GDPR changes (updates) till now?

What is my settings all my phones the changes in th I ere on settings thank you

Awesome tips!! is this GDPR is only for websites hat belong to european union right??

Very well done!

Hey, I am Quality Analyst and I want to know that what checklist or can say test cases a QA should have to ensure that website is GDPR compliant. If you have a checklist please share. Thanks

Great video, we're going to show this to our employees.

Great explanation! Well done! Will definitely follow your tips, thanks! ✌🏻

Much clearer than anything else I have seen, thank you.

Hi Daisy, could you recommend a link for a free privacy policy template please

Great video!

Thanks - very useful. Who gets the 20mill euro in fines? Do they go to the violated part?

Very useful and well structured video. Thank you. However it’s worth pointing out that the need for customers to opt in to electronic marketing communications has been in place for 15 years! (Privacy and Electronic Communications Act, 2003). It’s not new in GDPR.

Very well done, thanks

Excellent!

Hi Daisy! Thanks so much for that video. It was really handy to understand what GDPR is. I've check comment section but no one asks for it. What about cookies and all tracking stuff? I put a notification when entering website we use cookies and third-party engines and 'I am OK with cookies' botton and 'Learn more'. The website is built on Shopify platform and doesn't really allow to put more options. Do you think an additional text like 'If you don't agree to use cookies please change the settings in your browser or leave page' will sort out the problem?

Really helpful and clear. Thank you.

you legit saved my life! thanks

Thanks so much, this video is very helpful. I have a question: for health practitioners, who have hand written data taken at a consultation, is it necessary to contact every past patient and ask if their data can be held? Health practitioners are legally obliged to hold their data for 7 years, even if no longer in touch with them?

nice video! But, I was wondering, what about "Goodbye E-mails"? They are automatically sent after someone unsubscribes, like a last ditch effort to try a persuade a subscriber to stay with us. Are those kind of emails "outlawed" now, after GDPR?

So if I get a speeding or parking fine through the post, I can phone them up and demand they delete all my data from their system?

Hello and thanks for the video! Do I need to add the 'Positive Opt In' checkbox if I'm not sending any marketing emails to my clients? I only send the booking confirmation email.

Great video! Are public bodies exempt from GDPR ie HMRC, local councils, water board, health authority etc? Can we opt out with these authorities from holding our data?

Do you have to follow this for affiliate marketing?

Thank you for the video. It was really informative. Now, I would like to know that what would happen from GDPR perspective for cases where business has sent emails to it's consumers/customers to opt or give concent to use their personal data for marketing campaigns, etc. but they have not responded to that email. Can I treat no response as their agreement? If yes then will I be liable to any fines?

Very good video and clear advice

What will happen about business cards? can people still hand those out?

Thank you for this information, been a great help :)

Good job :) Thank you :)

One question. What do we need to do if we use WhatsApp etc for sending out advertising material to our personal contacts? do they need to opt in? (if they do need to opt in, is leaving an opt-out option sufficient to say they are happy to receive messages?) Bare in mind that in order to broadcast a message on WhatsApp to a group of people, the message only gets through if that party has your number stored on their phone. is that sufficinet for an 'opt-in'?

Very good summary...

Really great video thanks! I have a question/observation on your last point about having an existing customers who are on an email newsletter opt in again. I am on probably 20+ lists, and I have not gotten a single request to opt in again (I live in the US), so are you sure about this requirement?

I have several questions. The first one is about ip address, i have not seen anywhere that states that an ip address is considered identifiable data so if someone simply visits the website and nothing more then is that considered collecting data? Second question is does this apply to hobby/nonprofit websites as well. If some underage kid ownes a website for them and their friends and they do not block EU ips or customers and EU customers sign up to the site, is the EU going to fine a kid 20 million bucks? Last question, If this is only for business sites then how does the EU qualify what is a business and what is not?