We build websites. A lot of websites. As such, it’s made sense for us to change a few things behind-the-scenes to comply with the new data privacy rules (i.e., GDPR). We also don’t love fines. So there’s that, too.

Now as a digital ad agency, our data isn’t quite as critical as organizations like NASA, but it is important nonetheless. Between client contacts, prospective businesses, photographers, pitch work, RFPs and the true identity of D.B. Cooper, we have valuable information in our possession that’s well worth protecting.

Properly complying with the GDPR and its new regulations can take many shapes and forms. Fairly Painless, for example, took the route of porting our most important data into a self-hosted CRM. Going self-hosted has a few advantages. For one, it gives us complete control over all of our data, all in one place as opposed to relying on a cloud-based third-party company for our data protection.

More importantly, self-hosting our data lets us tell you exactly what data we have of yours immediately. Likewise, it gives us the ability to delete data altogether if you so choose. Just give us a call and we’ll give you the scoop.

Our reason for storing your data is rather straightforward. We like sending you emails! Plus, you consented. So whether it’s a holiday card, an invitation to a free lunch or a highlight reel of our recent work, we don’t use your information for anything other than our mailing list and some completely anonymous analytics to make sure our site is working well.

Here’s a brief overview of our new flow:

• We give you a form to fill out asking for your info and/or interest in signing up for our mailing list.
• On the form, you will select whether you are cool with us storing your data. If you are, we will.
• MailChimp pulls the mailing list data from CRM and we send you entertaining emails from time to time.
• Google Analytics informs us how many people are visiting our site, which in turn, boosts our ego.
• Google’s new data retention tools automatically comply with GDPR, so any unused data is seamlessly deleted.

The GDPR means different things for different companies. It’s why we’re more than happy to talk you through any of it, and how it might affect you and your business.

Let it be known though, we aren’t lawyers. Far from it. And we are really bad at getting sued. (We want our house back, Karen!) So when handling these matters, we always recommend getting legal help to ensure you are in good standing with your privacy policy and general data protection.