Know and respect the rights of your users and customers
Posted: Tue Feb 11, 2025 3:47 am
Obtaining personal data in a way that does not guarantee the traceability of a campaign or that compromises it entirely is simply an unclassifiable blunder.
You must learn to create legally valid and sanction-free subscriber lists that allow you to manage your communications in a safe, responsible manner that is committed to the rights of your users.
Find out if you are in offender mode and you could end up turning your strategy into a marketing Chernobyl
Advertising that is not preceded by knowledge and permission is destined to fail and is also illegal and punishable.
And of course:
Don't buy or collect data, it's mind-blowing, but it's still being done.
Just because data is on the Internet doesn't mean you can use it however you want.
You cannot export data from social networks, websites, or the Internet in general.
Forget about buying databases, extracting email addresses from web pages (they are not publicly accessible sources), or using data that does not comply with the condition of express consent because it is not only illegal, but I assure you again that it is also completely ineffective.
Remember that, in all information capture systems, you must incorporate usa phone number list a check box mechanism to collect valid consent from your users.
Rule 3: Only choose service providers that enable you to comply with the GDPR
As with any process, it is not enough for you to comply with the requirements of the GDPR if the people who work or collaborate with you do not respect the rules and principles of the General Data Protection Regulation.
Choose collaborators who provide guarantees of compliance and sign a contract of assignment with each of them.
Among the obligations established in the GDPR is to ensure compliance with all the principles, rights and obligations established in the GDPR.
Among others, to allow interested parties (holders of personal data) to exercise their rights in data protection (access, rectification, deletion, limitation of processing, portability and opposition).
As the controller of such data, you must enable users and customers who provide you with data on your website to effectively exercise these data protection rights and be able to respond as quickly as possible to requests to exercise such rights.
In order to respond to these rights in a timely manner, you must have a clear procedure that includes all the forms (for each of the rights) for both the request and the response to them.
Rule 5: Apply the necessary security measures to ensure safety
I am not going to go into this topic in detail, I will only tell you that no matter how much you inform or ask for consent, if you do not apply adequate security measures in relation to the level of risk of the treatments you perform, the rest will be of little use to you.
The agency provides you with tools through Gestiona EIPD so that you can analyze your risk level and apply the appropriate security measures, as well as so that you can obtain your own record of processing activities, through Facilita RGPD , the tool created by the AEPD.
That is, as long as you collect low-risk data.
You must keep this record in writing, in case the Control Authority ever requires it.
Here I share with you some pages that do comply and that you can visit to check how they have implemented it and see the abysmal differences of a legal website:
Essentials for selling online - Infographic
Virginia, after an intense debate and listening to all these arguments, decided that having a legal blog was not a minor issue, even if it only took away one worry, it was worth it.
She was just starting her blogging journey and didn't want to start off stumbling.
If you have to start, let it be on a firm footing, with things well tied up and without taking any false steps.
Starting a business and selling on the Internet is a great adventure, don't let anyone or anything become an obstacle.
You must learn to create legally valid and sanction-free subscriber lists that allow you to manage your communications in a safe, responsible manner that is committed to the rights of your users.
Find out if you are in offender mode and you could end up turning your strategy into a marketing Chernobyl
Advertising that is not preceded by knowledge and permission is destined to fail and is also illegal and punishable.
And of course:
Don't buy or collect data, it's mind-blowing, but it's still being done.
Just because data is on the Internet doesn't mean you can use it however you want.
You cannot export data from social networks, websites, or the Internet in general.
Forget about buying databases, extracting email addresses from web pages (they are not publicly accessible sources), or using data that does not comply with the condition of express consent because it is not only illegal, but I assure you again that it is also completely ineffective.
Remember that, in all information capture systems, you must incorporate usa phone number list a check box mechanism to collect valid consent from your users.
Rule 3: Only choose service providers that enable you to comply with the GDPR
As with any process, it is not enough for you to comply with the requirements of the GDPR if the people who work or collaborate with you do not respect the rules and principles of the General Data Protection Regulation.
Choose collaborators who provide guarantees of compliance and sign a contract of assignment with each of them.
Among the obligations established in the GDPR is to ensure compliance with all the principles, rights and obligations established in the GDPR.
Among others, to allow interested parties (holders of personal data) to exercise their rights in data protection (access, rectification, deletion, limitation of processing, portability and opposition).
As the controller of such data, you must enable users and customers who provide you with data on your website to effectively exercise these data protection rights and be able to respond as quickly as possible to requests to exercise such rights.
In order to respond to these rights in a timely manner, you must have a clear procedure that includes all the forms (for each of the rights) for both the request and the response to them.
Rule 5: Apply the necessary security measures to ensure safety
I am not going to go into this topic in detail, I will only tell you that no matter how much you inform or ask for consent, if you do not apply adequate security measures in relation to the level of risk of the treatments you perform, the rest will be of little use to you.
The agency provides you with tools through Gestiona EIPD so that you can analyze your risk level and apply the appropriate security measures, as well as so that you can obtain your own record of processing activities, through Facilita RGPD , the tool created by the AEPD.
That is, as long as you collect low-risk data.
You must keep this record in writing, in case the Control Authority ever requires it.
Here I share with you some pages that do comply and that you can visit to check how they have implemented it and see the abysmal differences of a legal website:
Essentials for selling online - Infographic
Virginia, after an intense debate and listening to all these arguments, decided that having a legal blog was not a minor issue, even if it only took away one worry, it was worth it.
She was just starting her blogging journey and didn't want to start off stumbling.
If you have to start, let it be on a firm footing, with things well tied up and without taking any false steps.
Starting a business and selling on the Internet is a great adventure, don't let anyone or anything become an obstacle.