#168: GDPR – What Online Business Owners Need to Know With Martin Steiger

Martin Steiger is an attorney and the founder of Steiger Legal, a law firm dedicated to offering legal advice to individuals, organizations, and entrepreneurs regarding intellectual property laws, IT laws, media laws, and data protection laws – particularly with the General Data Protection Regulations (GDPR). He is the spokesperson of Digital Society Switzerland and the co-founder of Papiertiger and VGS Datenschutzpartner —legal tech startups located in Switzerland and Germany respectively.

Martin joins me shares what GDPR is and the essential details that business owners need to know about it. He also talks about data privacy in Europe, the new laws that are coming into effect in the European Union, and how these laws affect small business owners and entrepreneurs.

You should be aware of your risks so you can make informed decisions. - Martin Steiger

 

In This Episode of The Sigrun Show:

• How Martin got into data privacy
• What people should do about the Facebook crisis
• What GDPR is
• Where to get information about GDPR
• What to do with online offers and freebies
• How to know whether the law applies to you
• How to show transparency when writing your data privacy policy
• How to present the necessary information on your website
• How to get proof of consent
• Why using social media buttons can be tricky
• How to deal with the cookie policy
• What a privacy shield is
• What to do with companies who are noncompliant to GDPR
• Why you should write your policies for a 12-year-old child
• The one visible obligation of business owners outside the EU
• Where to find a guide when preparing lists and documents
• What to do with your existing data
• What a risk-based approach is
• What to do when you feel overwhelmed with the new data privacy law
• How to make your life easier

Key Takeaways:

1. Don’t panic.
2. Don’t do IQ tests and quizzes on Facebook.
3. Check your privacy settings on Facebook and go through them one by one.
4. Privacy data policies are required to be more readable.
5. You don’t need to put all the information about privacy in one place.
6. If you’re located outside the EU, you need data privacy representation in an EU country and mention it in your privacy policy.
7. Prepare your documents so you won’t get caught by surprise with requests and inspections.
8. Start creating your list of processing activities.

Resources Mentioned:

• Information Commissioner’s Office
• What is GDPR? By Datapro Tools

Connect with Martin Steiger:

• SteigerLegal.ch
• Martin Steiger on Twitter
• Need a Data Protection Representative? (Use voucher code: sigrun)