- Include a Privacy Statement on your website. This should cover the core tenets of consent, access and data erasure.
- Provide consent mechanisms. We recommend implementing a pop-up cookie notification system on the website for European visitors. It will notify them that information is being collected and direct them to the Privacy Statement. The Privacy Statement page should have links to: (1) unsubscribe from marketing emails, (2) request a copy of personal data held in your marketing automation system, (3) request erasure of personal data in your marketing automation system.
- Enable access to personal data upon request. Set up a simple request mechanism for email and website contacts to request access to the data collected by your marketing automation system. The mechanism can simply be a form or dedicated email address to send data requests.
- Enable erasure of personal data upon request. As with enabling access, a simple mechanism for contacts to request erasure from your system should be implemented.