The Most Important Rules of Managing a Remote Team

Today’s workplace is changing rapidly. A Gallup survey shows that the number of people working out of the office is increasing and they’re doing so for longer periods of time. Employees are pushing for a change in well-established structures and policies that work for the traditional office format.

Remote work certainly provides excellent opportunities for everybody involved, but managing remote employees comes with its specifics. If you are considering the switch and you haven’t come up with a detailed remote employee policy yet, the following guide will come in handy.

Define Expectations in Advance

After hiring remote employees, you will find it more difficult to check in on a regular basis like you would in the case of an office-based team. This is the main reason why expectations and work practices have to be defined and explained clearly in advance.

Goals, timelines, accountability tools, payment schedules, and communication expectations should all be discussed at the beginning of project execution. Giving the remote team access to all of the required communication/project management tools is also going to be imperative.

When defining expectations, you should also make it clear that employees will be held accountable for failures, missed deadlines, and other shortcomings pertaining to the initial expectations.

Do Coaching and Schedule Regular Video Conferences

Keeping a remote team engaged can be very difficult. This is why regular communication is going to play a crucial role in all processes. Regular video chats (whether team-based or on a one-on-one basis) will help you build an emotional connection – one of the essentials for managing remote employees.

If possible, you should also invest time in coaching. Good managers are also seen as mentors. It’s up to you to pass relevant knowledge to members of the team. Pursuing other educational opportunities that will boost worker qualifications is also going to benefit everyone involved.

Handle the Legal Issues of Having a Remote Team

A good remote employee policy should address the legal specifics stemming from this format.

For a start, you should focus on the privacy and the security of all communication occurring between remote team members. You need to have a strong security policy in place because many data breaches are the result of human error.

Other legal specifics you’ll need to address:

  • Following the right regulations pertaining to minimum wage, payday frequency, paycheck delivery, etc.
  • Overtime calculations
  • Whether international employee laws are going to apply
  • Whether health and safety training will have to occur as a part of the remote onboarding process
  • Following hiring and anti-discrimination laws

Provide Constant Feedback

A lot of the cues and sources of information available in the office will be missing in a virtual environment. As a manager, you have to provide feedback consistently and on a regular basis. If something is not working, it is up to you to address it as soon as possible. Waiting will only make the issue more pronounced.

Make sure that the entire team knows the frequency of feedback provision. If possible, communicate information about progress and shortcomings in person. Creating detailed performance reports is a good thing and you can certainly send such information via email. The personal provision of praise or constructive criticism, however, will be invaluable for building a team and making remote workers feel a part of it.

How is Personal Data Defined Under the New GDPR Provisions?

The General Data Protection Regulation (GDPR) is already here and hopefully, you’ve managed to implement all of the required changes. To ensure consistent compliance, however, you need to have a thorough understanding of the term personal data and its specific definition under GDPR.

The general definition of personal data is easy to understand – this is data pertaining to a certain person (financial, medical, personal, etc.) that should be protected. Does GDPR change the definition of the term, however?

The Definition of Personal Data

More information about the definition of personal data is available in GDPR Article 4.

The document states that personal data is any information that relates to an identifiable individual. An identifiable individual is someone who can be identified by their name, ID number, an online identifier (like IP address, for example) or any other source of information that can be utilized for either direct or indirect identification.

As you can see, the GDPR definition is quite vague and it could relate to just about anything. The scope of information expands in an attempt to give people more control over the privacy of their data.

New Categories of Sensitive Data

Personal data has an important sub-category under GDPR and this sub-category is sensitive data. Sensitive data is more specific and it should be handled more carefully by website administrators and web service providers.

A few common types of sensitive data under GDPR include:

  • Information about a person’s race or their ethnicity
  • Political opinion
  • Health details
  • Sexual orientation
  • Religious affiliation

In order to process sensitive data, online service and content providers have to get explicit consent under the GDPR.

There are two more types of data that fall under the same category and necessitate similar processing – biometric and genetic data. Genetic data is specifically used for medical research purposes. Biometric data includes fingerprints, retinal scans, etc.

Processing Terms and Conditions for Personal Data Handling

Now that you have a better idea of what personal data is, it’s time to understand how such information should be processed and handled under GDPR.

The conditions for personal data processing under GDPR are somewhat similar to those under the Data Protection Act of 1998. Processing is going to be lawful whenever:

  • Consent is obtained from the individual that the data pertains to
  • The processing of such data is absolutely necessary for the performance of a contract, for legal compliance, the performance of a task or to meet a legal obligation
  • Explicit consent is obtained for sensitive personal data

To meet these requirements, website owners have to review existing data collection policies, as well as the terms and conditions presented on the website itself. If a consent mechanism is already in place, it should be reviewed to make sure it meets the much more stringent GDPR requirements (especially for sensitive data).

Whenever personal and biometric data is being processed, both GDPR and local national regulations will have to be taken into consideration. Individual EU member countries could impose additional restrictions that will come on top of the standard GDPR provisions.

Ensuring GDPR compliance has been a lengthy process for many businesses and for some, the process has not been finalized yet. If you’re one of these businesses and you’re still struggling, you should seek legal assistance right now. Having an experienced professional reviewing your personal data collection and processing policies will make it easier to identify gaps, shortcomings and potential GDPR violations.

The Importance of Having a Contract Reviewed by a Legal Professional

When two or more parties interact with each other, they all have certain expectations pertaining to the outcome of the interaction. To protect their interests and make sure that the expectations are met, such entities should consider signing legally-binding contracts.

Written legal contracts state the expectations of all parties involved and the eventual repercussions that will be faced when such expectations aren’t met. Contracts are enforceable in court, which is why they need to be as detailed and personalized as possible.

Very often, entrepreneurs wonder how to make a legal contract and whether such a document should be thoroughly examined by a contract review lawyer. It’s interesting to point out that a global legal survey suggests 39% of entities rely on professionals other than lawyers for contract management.

If you’re still undecided about the importance of legal contracts and whether these documents should be reviewed by an experienced attorney, the following information may come in handy.

The Benefits Outweigh the Cost of Professional Legal Help

Many small businesses and startups refrain from utilizing legal services because of the perceived cost. The truth of the matter is, however, that a poorly crafted contract can end up costing a lot more in the long run.

Contracts are created to protect businesses and ensure mutually-beneficial partnerships. Missing terms and conditions could enable the other party to get out of the partnership without fulfilling its responsibility. Alternatively, one party could be sanctioned in a faulty way. Such errors will have long-term consequences and they can also have a devastating financial impact on a business.

Law Evolves on a Daily Basis

Business contracts aren’t always simple and straightforward.

On occasion, they will invoke complex clauses and refer to highly specific legal contract terms. Amendments and new regulations could render some clauses obsolete or necessitate adjustments in pre-existing contracts. Legal professionals have the obligation to expand their knowledge in terms of the changing nature of regulations. If a relevant new law comes into effect, an attorney will make sure that the modification is reflected in a business contract.

Do You Understand What You Are Signing?

Sometimes, you will be presented with an agreement that you will have to sign to move forward or explore new opportunities for your business. Unless you are a legal professional, however, chances are that you don’t have a thorough understanding of what you’re getting yourself into.

Your contract review attorney will make the terms and conditions accessible. You will be notified of the favorable clauses, as well as of the ones that can potentially harm you. Based on their experience, an attorney can let you know whether signing the agreement is a good idea and if it’s in line with your current business development objectives.

The Terms of Business Contracts Can Be Negotiated

Business contracts aren’t unalterable. If you’re not satisfied with a certain term or a condition, you can negotiate a modification.

Once again, a contract review lawyer can represent you during the process and help you get a more favorable legal document. Whether a provision needs to be changed or something important is missing altogether from the document, your lawyer will make a good case and push for the respective change that you desire.

Contracts can quite often cause complications, unexpected outcomes and legal issues, which is why you shouldn’t just sign blindly or use a generic template for a brand new interaction. Investing in high-quality legal documents protects your business and ensures continual adherence to the highest standards.

Four Steps for Copyrighting Your Blog or Website Content

Copyright infringement is common in the online realm. Just like a patent, a website or a blog is a part of your intellectual property. Thus, you should undertake the necessary steps to protect all of your content.

You may be wondering how to copyright a blog and what blog copyright laws will apply. The following guide will give you a step by step explanation of everything you will have to go through in order to prevent intellectual property theft.

Understanding Digital Copyright

Copyright is a term that describes the legal rights of intellectual property owners. In essence, these regulations state that the person holding the intellectual property rights is the only one allowed to copy or reproduce the respective work.

Copyright is defined clearly by US law and it applies to digital products like websites and blogs. Based on the US Copyright Act, the owner of the intellectual property is the sole entity given the right to:

  • Reproduce content
  • Create derivative works from the original content
  • Distribute copies of the work
  • Display the work publicly

If other entities are interested in such rights, they are obliged to contact the intellectual property owner who may grant or refuse the permission. The exclusive copyright acts can be transferred to others, and the procedure itself will typically be described in the Copyright section of a website or a blog.

Always Have a Copyright Notice

When wondering how to copyright blog content, you should always start with a clear and customized copyright notice. The aim of the copyright notice is to explain what kinds of content use are allowed and which ones are prohibited.

Just like other legal sections of the website, the copyright notice cannot be copy-pasted from another source or based on a generic template. Your provisions should focus on the types of content available on the specific website and the uses stemming from the respective format.

Move on to the Creative Commons License

The next concept you will need to acquaint yourself with is the Creative Commons license.

The Creative Commons license aims at listing the specific uses permissible and the procedure that should be utilized for the transfer of the exclusive copyright to occur. Creative Commons provides free licenses that have pretty much become the standard in the field of blog and website copyright protection.

Apply for Copyright with the US Copyright Office

You can apply with the US Copyright Office in order to benefit from additional protections.

For this purpose, go to the website of the US Copyright Office and find the copyright registration form. There’s also an online filing process that may be simpler to go through. The filing fee will also be reduced when you go the web-based route.

You will have to provide information about yourself, the title of the website or blog, the date of publication, and the pages you wish to copyright. Blogs and websites are typically copyrighted as literary works, unless they’re more visual.

Upon the completion of the process, you will be asked to pay the registration fee. Next, you’ll have to wait. Depending on the specifics of the copyright application, you may be contacted by an official representative for additional clarification.

These are some of the things you can do to legally protect your online intellectual property. A couple of additional steps can also be beneficial. Some of the things to do include watermarking your images, setting Google alerts for content similar to yours (in order to check for plagiarism) and using CopyScape to check whether some of your most prominent content has been copied without your permission.

GDPR: 10 Steps That Will Help Guide You Through The New E.U. Data Protection Framework

The new European data protection law, the General Data Protection Regulation (GDPR), comes into force on the 25th of May, 2018. The new framework places considerable pressure on online and offline businesses of all sizes because it will strengthen the rules under which the personal data of European residents can be collected, stored, and disclosed. Despite its territorial scope, the GDPR will apply to organizations that do not have a physical presence in the European Union.

To guide you through the new E.U. data protection framework, we’ve provided you with a 10-step guideline that will allow you to better understand the formal requirements of the GDPR and the new personal data security standards.

1. Scope of the GDPR

Although the GDPR is a European legislation, it may apply to businesses located in other jurisdictions as well. More specifically, the GDPR applies to natural and legal persons that collect personal data and:

  • Are established in the E.U.;
  • Are not established in the E.U. but cooperate with data processors that are established in the E.U.; or
  • Are not established in the E.U. but collect personal data of E.U. residents or target them (e.g., offer them goods and services or monitor their behavior).

The GDPR will not be applicable if you are a natural person who accesses personal data in the course of a purely personal or household activity (e.g., browsing social media websites).

2. Tracking personal data

The GDPR defines personal data as any information that allows you to identify a natural person. For instance, personal data may include personal names, physical addresses, email addresses, social security numbers, location data, genetic information, biometric data, health care data, and IP addresses.

The GDPR requires applying the principle of data minimization, meaning that you can collect and process only the amount of personal data that is required to provide the requested service.

In order to keep track of all of the personal data that you collect, store, access, share, and process online and offline, it is important to document such transactions for your own records. Also, in certain cases (e.g., if you employ more than 250 persons, collect personal data regularly, or target special categories of personal data) you may be obliged to maintain data processing records.  

It is important to note that the GDPR imposes stricter requirements (e.g., obtaining explicit consent) for special categories of personal data, such as a person’s racial or ethnic origin, political, religious, and philosophical opinions, trade union membership, genetic data, biometric data, healthcare data, and data concerning a natural person’s sex life or sexual orientation.

3. Collaboration with third parties

Under the GDPR, all third parties that have access to personal data collected by you, such as cloud storage providers, hosting providers, and newsletter providers, are considered to be data processors. The law stipulates that the relationship between you and data processors should be governed by data processing agreements, which should reflect (1) the types of personal data you provide access to, (2) the purposes of processing, (3) the duration of processing, (4) the applicable security measures, and (5) the mutual assistance in fulfilling your obligations under the GDPR.

If the third parties are located outside the EEA, you can disclose or transfer personal data only if certain conditions are met, including, but not limited to:

  • If the third party is established in the country that is “white-listed” by the E.U.;
  • If you conclude a contract with the third party on the basis of pre-approved contractual clauses or binding corporate rules;
  • If the data subject provides you with explicit consent to the disclosure or transfer of personal data; or
  • If the transfer is explicitly necessary for conclusion or performance of a contract.

4. Consent

Consent for the collection and processing of personal data is one of the legal grounds for lawful data processing under the GDPR. To be valid, the consent should be prior, explicit, informed, and freely given (pre-ticked boxes are not allowed). The deviation from obtaining consent is permitted if the personal data is necessary for performing a contract with the data subject (e.g., booking an appointment, providing the requested service, or delivering a product), pursuing legitimate business interests, and in some other exceptional circumstances.

5. Data protection and storage

Under the GDPR, personal data can be retained only as long as its storage is necessary for the purpose for which the personal data was collected. Afterwards, the personal data should be deleted. Only in certain cases, when the storage of personal data is required by the applicable law (e.g., for accountancy purposes), businesses are allowed to retain personal data in order to comply with their legal obligations.

To protect personal data, appropriate organizational and technical security measures have to be taken (e.g., limited access to personal data by employees, anonymization, secured networks, and encryption) and you have to ensure that the data processors with whom you cooperate have also put equivalent security measures in place.

6. Data subjects’ rights

The GDPR provides data subjects with a number of rights with regard to their personal data. Indicate in your privacy policy those rights, and give instructions on how data subjects can exercise them. Such rights include:

  • The right to access personal data (e.g., getting a list of personal data you store about the data subject);
  • The right to correct personal data (e.g., change of contact details);
  • The right to erase personal data and object to profiling (i.e., “right to be forgotten”);
  • The right to restrict the processing of personal data;
  • The right to ask a data controller to provide another data controller with a list of personal data related to the data subject; and
  • The right to launch a complaint about the handling of personal data.

7. Identification and transparency

Give your privacy policy the highest level of transparency. List clearly the types of personal data you collect, the purposes of collection, the grounds for processing, third parties that have access to personal data, and all your policies and procedures governing collection, storage, and the processing of personal data.  

Also, indicate your contact details clearly in your privacy policy, including the email and post addresses that can be used by data subjects to contact you with regard to personal data. Also, mention the timeframe in which you will respond to the data subject’s inquiries.

8. Children

The GDPR prohibits the collection and processing of children’s personal data without obtaining parental or guardian consent in advance. In order to comply with this requirement, consider putting systems in place to verify individuals’ ages and to obtain the requested consent. Also, provide parents or guardians with the opportunity to request the erasure of children’s personal data that has been obtained without their consent.

9. Data breaches

The GDPR puts in place strict guidelines for reporting security breaches that affect personal data. In a nutshell, you have to inform the supervisory authority within 72 hours from the moment you become aware of a breach, and then provide details about the affected personal data. Should a data breach occur in data processors’ systems, the data processors have to immediately notify you. Make sure that you have the right procedures in place to detect, report, and investigate a data breach.

10. Data Protection Officer (DPO)

You can voluntarily appoint a DPO as a person who will assist you in complying with the GDPR, as well as tracking and documenting the transactions involving personal data within your organization. The GDPR explicitly requires appointing a DPO if:

  • Your business relies mainly on processing of personal data on a large scale;
  • You process special categories of personal data on a large scale;
  • The processing of personal data may cause a threat to rights and freedoms of data subjects; or
  • You are a public body or authority.

Is Encryption a Mandatory Part of GDPR Compliance?

Website encryption guarantees a high level of security for visitors, which is why the number of websites featuring security certificates is on the rise. According to a Mozilla report, the volume of encrypted traffic already surpasses unencrypted traffic. Other reports predict that approximately 75 percent of web traffic will be encrypted by 2019.

While the benefits of data encryption are easy to understand, is there a legal requirement for websites to feature a security certificate? Does the new General Data Protection Regulation (GDPR) mandate such a change? The use of a security certificate is definitely beneficial, but there’s currently no encryption law that necessitates the change.

Is SSL Certification Needed to Be GDPR-Compliant?

The SSL certificate adds a layer of protection to a website, increasing privacy and giving visitors peace of mind. The padlock symbol in the address bar shows whether a website is encrypted.

Under GDPR, data encryption is recommended, but not mandatory. In fact, the term encryption is not featured in the lengthy document much.

GDPR suggests the introduction of safety measures like encryption and various others (the words used are “may be introduced” and “optional”). Encryption is only one suggestion, and while it is presented as a good choice, there are no statements that make it mandatory.

The Lack of Encryption and Data Breaches

While there are currently no encryption laws that mandate the purchase of a certificate, website owners are expected to do everything in their power to prevent eventual data leaks, website hacking, and breaches.

If a data breach occurs and the data of EU citizens get affected, the website owner will have to answer questions about the security safeguards in place. Questions about the encryption of personal and sensitive information may also arise.

Would the lack of encryption be perceived as a negative thing? Most likely! Are there any requirements under the new GDPR policies for the purchase and the integration of the SSL certificate? Such provisions do not exist at the time being.

The General Data Protection Regulation is concerned with ensuring the safety of personal data. Thus, you should work hard towards guaranteeing e-privacy in every possible way. While data breaches are often inevitable, there are things you can do to minimize the risk.

A few of the best options (other than website encryption) include the following:

  • Make sure that the system and all software will get upgrades on a regular basis
  • Refrain from using default passwords and usernames
  • Keep track of devices to make sure none are lost or stolen
  • Limit the number of people who have admin rights and access to sensitive information (human error is still one of the most profound contributing factors to data breaches)
  • Reduce data transfers
  • Make sure that all employees who do website work undergo data security training

Getting Your Website Encrypted Is a Good Idea

While GDPR does not make website encryption mandatory, this is a good option you should consider for your online platform.

There are different kinds of security certificates, and their features will determine the cost. Many hosting companies will also provide a free SSL certificate as a part of the service package their clients receive. This is a possibility to consider, but talk to a developer or a data security specialist first. Encryption certificates are not created equal, and some may not be worth getting.

The things that you do to guarantee the security of your website’s visitors will have an impact on your reputation. Do a bit of research and consider all possibilities carefully before turning down one option or the other.

Four Reasons to Have a Non-Disclosure Agreement with Your Clients

Being an entrepreneur and growing your business will necessitate a lot of hard work and strategic thought. Protecting new concepts, ideas, and business development models will be of utmost importance when it comes to maintaining your competitive advantage. In such instances, a non-disclosure agreement can come in handy.

NDAs are typically created to protect confidential information. A mutual non-disclosure agreement will protect both parties involved. While certain business interactions don’t necessitate the use of NDAs, such documents will provide amazing benefits in other instances.

Preventing Information Disclosure to Third Parties

This is the essence of non-disclosure agreement laws – preventing the unauthorized disclosure of information to third parties.

Imagine a situation in which you’re presenting an idea or showing an invention to a potential business partner or customer. In such instances, you want to convey something important about your business without getting the respective idea stolen.

The NDA will oblige the potential client or business partner to keep the information under wraps. Thus, you can demonstrate your biggest strengths without feeling concerned about a potential information leak.

Ensuring the Provision of Quality Services Without Risks

Occasionally, you will interact with partners and third parties tasked with providing services. To accomplish such a goal, they may need access to sensitive data like financial information about your business, inventory, employee data or marketing data.

Such data should not be disseminated outside the organization and you should definitely consider a non-disclosure agreement in such instances.

Providing Information about the Licensing of Specific Technologies

When the sale or product licensing prospect is on the table, you will once again have to think about protecting your business in the worst-case scenario.

The information exchanged with a potential customer in such situations can easily be used by them to gain leverage in the negotiations with other service providers. As a result, you are not going to be competitive on the respective market.

Licensing and sale discussions usually involve the presentation of financial data, facts and figures. Obviously, you don’t want such information circulating freely and you should get that NDA before the talks begin.

In the Event of Selling Your Business

Non-disclosure agreements will also come in handy whenever you’re considering the sale of the entire business.

When selling your business, you will have to present a lot of sensitive data in order to entice a potential buyer into making an offer. At the same time, such data will put you at a massive disadvantage if it gets out there.

It will be difficult to assess who is a serious potential buyer right from the start and who’s there just to gather a bit of intelligence. Non-disclosure agreements are imperative because you’re otherwise left vulnerable. There’s a reason why large companies make NDAs a standard part of the merger and acquisition process.

The Quality of the NDA Matters

In order to offer reliable protection, a non-disclosure agreement should be drafted professionally. Adherence to non-disclosure agreement laws and personalization will both be required to address potential risks and ensure comprehensive sensitive data protection.

Working with a legal professional is imperative in such instances. An attorney will also know how to handle the process of negotiating when it comes to signing a mutual non-disclosure agreement or a privacy agreement with a potential business partner.

Is Your Website Ready for the GDPR?

Is your website ready for the enforcement of GDPR on May 25, 2018? The General Data Protection Regulation is designed to make digital privacy laws across Europe uniform, and compliance failures could potentially contribute to hefty fines.

Website content management and e-privacy policies are heavily affected by the new GDPR regulations. Here are a few of the things you will have to do to make sure your website is ready for the GDPR.

GDPR Provisions for Websites

Many websites require private data and permissions from visitors in order to function properly or provide relevant content. The GDPR will change the manner in which such website visitor information is being collected.

The new European regulations give internet users full control over their data and their e-privacy. Clear, easy to understand, and optional opt-in/out policies have to be implemented as a result of the new EU digital privacy laws.

Some of the most important ways in which GDPR compliance can be ensured include the following:

  • Active opt-in forms that enable the visitor to either subscribe or unsubscribe effortlessly
  • The addition of data encryption
  • The creation of a strong privacy policy/privacy statement
  • The provision of legal justification for personal and sensitive data processing
  • Allowing the deletion of customer/website subscriber information
  • The provision of easy opt out or withdrawal of permission

What to Do in Order to Ensure GDPR Compliance

The summary above gives you some idea about the website changes that will have to occur in order to ensure GDPR compliance. Let’s take a deeper look at the actual steps involved in making these changes happen.

The first and easiest thing to do is to modify and augment your digital privacy and information handling policies. Luckily, the Information Commissioner’s Office has published detailed guidelines and examples of how a privacy notice is to be written. To be on the safe side, you should also consult an experienced attorney who can help you craft an effective, GDPR-compliant document.

Cookie policies are also to be thoroughly outlined in the notice!

Next, consider getting an SSL certificate, which adds a layer of encryption to the connection between visitors and your website and helps you ensure the safety of sensitive data. It’s easy to see whether a website has SSL certification. The certificate “unlocks” the little padlock symbol that appears in the address bar before the URL.

Changing all website forms is another very important part of ensuring compliance.

Based on GDPR requirements, website forms can no longer feature pre-ticked boxes (you probably have seen pre-ticked boxes for newsletter subscriptions or for the sending of marketing information to new website members).

The aim of the GDPR is to enable websites to provide specific consent options for every potential interaction with the website. Pre-ticked boxes take away some of that freedom.

Specific consent is also needed for sharing user information with third-party service providers. In addition, consent should be easy and effortless to withdraw. Website owners should make sure that their visitors and subscribers know they can withdraw consent at any time and they should also outline the consent withdrawal procedure that is to be followed.

A few other things to address include IP tracking, the use of personal data for re-marketing, and the manner in which data breaches are going to be reported and addressed.

GDPR aims to ensure transparency and simplicity as far as e-privacy is concerned. This means that every policy and term and condition on the website will have to be revisited and rewritten. Don’t hesitate to introduce these changes – as already mentioned, compliance failures could have serious consequences.

Privacy Notices Under GDPR: How to Draft a Compliant Statement

The deadline for the enforcement of the new General Data Protection Regulation (GDPR) is fast approaching and many businesses are still unprepared to address new privacy concerns and requirements.

GDPR changes are going to have the most profound effect on privacy policies and notices. The GDPR privacy notice has a couple of specifics that make it different from previous versions of the document. Currently, a privacy notice template is made available by the Information Commissioner’s Office. This is one of the official sources of information you can rely on to ensure compliance. Other privacy notice forms you find online could potentially be outdated, which will lead to a GDPR compliance failure.

What Does a GDPR Privacy Notice Have to Feature?

The aim of GDPR is to give internet users and website visitors full control over the manner in which their personal data is being used. The rights of website visitors, customers, and subscribers should be presented in a comprehensive privacy notice.

The privacy notice is a public statement that focuses on how personal and sensitive data protection principles will be applied in reference to the website’s functioning.

According to articles 12, 13 and 14 of the GDPR, a website’s privacy policy should be:

  • Concise and written in a language that’s easy to understand
  • Transparent and readily accessible on the website
  • Free of charge
  • Written so that a child could understand the information contained in it

There are numerous important questions that website privacy terms and conditions have to address in order to ensure GDPR compliance. A few of these key issues include:

  • Information about the entity that is collecting data and how this data is going to be used
  • The legal basis for the collection and the processing of personal or sensitive information
  • Whether the information is going to be shared with third parties, how, and why
  • The amount of time during which personal and sensitive data is going to be stored
  • The rights of the individuals who share their sensitive data with the entity
  • The manner in which a complaint can be filed
  • The manner in which website visitors can consent or withdraw consent to data collection

Drafting a GDPR-Compliant Privacy Policy

Most often, privacy notices are copy-pasted or filled with jargon to the point that they become completely illegible.

If your privacy notice isn’t simple, straightforward and well-written, you will have to rework it.

All manners in which personal data is going to be collected and used will have to be outlined. This means that if you use third-party products on the website (Google Analytics, email newsletter software) that require visitor information, your visitors should be informed.

A generic privacy policy is no longer going to cut it. It has to be specific and it has to provide details about the entity behind the website, the purpose of the website, data collection practices and the numerous ways in which such information is going to be used to enhance the visitor’s experience.

Official privacy notice templates can be quite helpful when attempting to draft a brand new document. In the absence of legal knowledge or experience, however, you may want to seek professional assistance. There are fines and penalties for compliance failures, which is why you can’t leave the drafting of your privacy notice to chance.

All About Intellectual Property: The Differences Between Copyrights, Trademarks, Patents, and Trade Secrets


In the age of current technology, inventions, and ideas, protection for intellectual property has become quite common in our society. The four types of intellectual property (copyrights, trademarks, patents, and trade secrets) are often heard in everyday conversation. But how do we differentiate between these four protections? This blog post acts as a guide to the basics of intellectual property.


Copyrights:

Copyright protection is available for original works of authorship that are fixed in a tangible form, whether published or unpublished. The categories of work that can be protected include paintings, literary works, live performances, photographs, movies, and software. It is important to understand that copyright law covers the “form of material expression,” and not the actual concepts, ideas, techniques, or facts in a particular work, which is why the work must be in tangible form.


Trademarks:

Trademark protection is available for certain names, symbols, devices, or words that will be used in connection with a good or service. The purpose behind trademarks is to allow companies and individuals to indicate the source of their goods or services and to distinguish them from others in the industry. A trademark not only gives the owner the exclusive right to use the mark but also allows the owner to prevent others from using a similar mark that may be confusing to the general public. It does not, however, prevent others from making or selling the same good or service.


Patents:

A patent is a right granted to an inventor that permits that inventor to exclude others from making, selling, or using his or her invention for a period of time. For an invention to qualify for a patent, it must be both “novel” and “non-obvious.” An invention is novel if it is different from other similar inventions in one or more of its parts. It also must not have been publicly used, sold, or patented by another inventor within a year of the date that the patent application is filed. As for the second qualification, an invention is non-obvious if someone who is skilled in the relevant field of the invention would consider its development to be unexpected or surprising.

Trade Secrets: 

Trade secrets consist of information, including formulas, patterns, compilations, programs, devices, methods, techniques, or processes. To meet the definition of a trade secret, the information must be used in business, and grant the user an opportunity to obtain an economic advantage over competitors who do not know of it or use it. This protection is fairly limited, as a trade secret holder is only protected from unauthorized disclosure and use. If a trade secret holder fails to maintain secrecy or if the information is independently discovered, becomes released, or otherwise becomes generally known, protection as a trade secret is lost. However, trade secrets do not expire, so protection continues until discovery or loss.

If you have additional questions, or if you are looking to protect your ideas, products, or business, you should contact an experienced intellectual property attorney.