Posted on

6 Ways Your Marketing Is Breaching GDPR

Marketing breaching GDPR is a real issue! The General Data Protection Regulation (GDPR) has had a profound impact on how businesses communicate with prospects and customers, and how they conduct their marketing. There are still businesses that believe that once users consent to their marketing campaigns, they can use the gathered personal data however they want.

But this can get you in a world of trouble!

GDPR is much more complex than getting consent from visitors and users. While many news outlets have placed emphasis on how consent is handled, it’s actually about the way businesses handle and protect personal data, what they use it for, and how they seek permission to use it.
GDPR is not a directive – it’s a regulation, and it’s legally binding. Companies could easily breach GDPR with their marketing efforts, and here the 6 common ways it can happen:

#1 Contacting people without active consent

GDPR regulates consent in extensive detail, and according to their regulations, consent must offer real choice, and users have to be in charge! It needs to be prominent, and users should have no issues understanding it. It should also be always requested on its own, not as part of any terms or conditions.

The only valid consent according to GDPR is a positive opt-in and requires you to disclose any third-parties that rely on that consent. You should also provide an easy way to withdraw consent.

#2 Automatic opt-ins

Automatic opt-ins were a common method to trick users who weren’t paying attention to consent. Such tactics are considered predatory and are considered marketing breaching GDPR tactics. Any tick boxes that are pre-ticked or say “click to opt OUT” are a huge breach.

Remember: The only type of consent accepted under GDPR is a positive opt-in.

#3 Poor lead lists and storage

Where are you storing your lead lists? While it’s very convenient to have them readily available on a shared Google Drive or OneDrive document, that’s a very poor practice and definitely a GDPR breach if you have the link set to public for sharing.

Your leads list should be secured and encrypted, and shared only on a need-to-know basis.

How long you keep the information is also important. Under GDPR’s data minimisation principle, holding information for too long is a marketing GDPR breach, so it’s important to delete it as soon as you don’t need it.

#4 Obtaining lists without confirmation of consent

One way marketers fill up their sales pipeline is with purchased lead lists. There’s a lot of third-party lead generator sites that are willing to sell lists to you. But you have to be careful when buying lists.

If these generators don’t have active consent from users on distributing their data to other parties, then YOU will be the one who’s breaching GDPR as soon as you contact those prospects.

You always need to have proof that they consented to be contacted by you, whether they gave the consent to you directly, or through third parties.

#5 Ignoring erasure requests

Users who have given consent to collect and process their data have the freedom to withdraw that request at any time. They can also request that you delete all the data that you have gathered on them. Not answering those requests is considered marketing breaching GDPR.

Do you know how to erase data? Do you know how much time you have to get back to them once they send a request?

GDPR states that you must act within a month of receiving the request, but there are also instances where you can extend response times; for example, when the user made multiple requests or in case the request is very complex.

#6 Accidentally sharing email addresses

Accidentally sharing any personal information is considered a breach under GDPR.

Surprisingly, emails are a very common reason behind a data breach. Emails that are sent to the wrong recipient are the most common mistake, as well as emails with unprotected attachments.  

An accidental data breach is still a data breach, so make sure your emails are secured and encrypted. This way, even if they are accidentally sent to wrong recipients.

Update: The ICO is sharing more and more information on specific circumstances and it’s interesting to note that a business email is protected under GDPR IF it contacts the ability to identify someone properly. The most common way is: [email protected] so with that in mind you should be wary about contacting businesses as well! Check out this page by the ICO about marketing to businesses here: https://ico.org.uk/for-organisations/in-your-sector/marketing/the-rules-around-business-to-business-marketing-the-gdpr-and-pecr/

For more information on GDPR email compliance, check out the 5 ways your emails could be breaching GDPR HERE >>> https://towerwatchtech.com/5-ways-your-emails-could-breach-gdpr/

Have more questions? Check out our Smiley Geeks IT Help Membership from only $69 a month!

Posted on

7 Best Ticketing Software for Managing Tech Support

7 Best Ticketing Software for Managing Tech Support feature image

The best ticketing software helps tech support resolve issues faster and allows managed service providers to offer a better service! Here are seven excellent IT ticketing software solutions that will optimise your IT support:

1. Spiceworks IT Help Desk

Spiceworks is amongst the best ticketing software solutions, and all their products are free!

It’s a full help-desk system with multiple-channel ticket support and network monitoring. All systems are customisable to meet the requirements of any business.

The most prominent features include automatic ticket routing, prioritisation, and notifications for IT teams, as well as a knowledge base for most common issues that can be integrated into a ticket.

2. ManageEngine ServiceDesk Plus

ManageEngine’s ServiceDesk Plus is a solution that helps an IT managed service provider with advanced automation options of many processes.

The project management module supports tracking of any number of IT projects and helps with planning. Ticket routing, prioritisation, and escalation options make it a favorite of many IT teams. The IT ticketing software automatically informs users about any changes to the status of their tickets and reported issues.

The analytical capabilities help link recurring issues to the root cause and eliminate their occurrence permanently. The knowledge base keeps the ticket inbox decluttered through self-service for end users.

Prices range from $10 to $50 per tech per month.

3. Remedy Service Desk

BMC’s Remedy Service Desk is the best option for an IT managed service provider who caters to enterprise users. It provides MSPs with a comprehensive service management suite that can be deployed in the cloud or on-premises.

  • Their incident management with service impact analysis is their best feature. It helps IT staff see how problems and incidents affect business systems.
  • Problem management detects recurring incidents and helps trace the cause.
  • Knowledge management delivers the required information directly to users and staff.

This service desk supports a multichannel report of incidents and issues via email, web service, self-service, social, or chat. Pricing is provided per request.

4. Freshdesk

Freshdesk is a solution that can work for internal IT departments, but it’s actually an IT ticketing software that’s better tailored for an IT managed service provider. Customer tickets are processed in a swift manner thanks to ticket workflow optimisation, routing, ticket response automation options, and service level agreement (SLA) management. The IT team can collaborate on a single ticket and resolve complex issues faster.

There’s a free plan available, while other tiers span from $19 to $89 per agent per month.

4. Zendesk

Zendesk is one of the best-designed ITSM solutions out there. Asset, problem, and incident management are done via a ticketing system that includes all the tools an IT team needs: ticket priority, tracking, and resolving have powerful automation options.

Everything is available from a central interface: on-premise information and third party apps, as well as self-service options and workflows, which makes it one of the best ticketing software designs available.

There’s a free trial and five price tiers that span from $5 to $199 per agent per month.

6. Jira Service Desk

Jira Service Desk is available as a cloud-based or on-premise solution that includes problem, change, and incident management, while the self-service feature helps users resolve tickets on their own by accessing a knowledge base.

The most notable feature includes the ability to link the Service Desk IT ticketing software to software issues, so the required IT experts will be notified about the issue faster.

There are two price tiers: $10 for up to three agents, and $20 for four to five agents, and discounts for larger groups.

7. SysAid

This is a cloud-based IT ticketing software that offers a wide array of features: from help-desk automation and IT asset management, all the way to performance analysis and monitoring.

Their incident report and service request modules, as well as their remote control capabilities, are their strongest features. They help track and resolve issues quickly. Their ticketing system is extensive and includes incident management, knowledge base, and a self-service portal, and incidents can even be reported via email. The tickets can be assigned automatically to the most appropriate IT professional, while escalation rules ensure all tickets are addressed in a timely manner.

The pricing is available from the vendor per request.

The best ticketing software helps resolve IT issues quickly but also plays a proactive role: by analysing incident reports, problems can be eliminated before they cause large-scale issues by tracing the root cause.

If you need help managing your IT support, contact us to discuss a quote.

Posted on

8 Signs Your IT Managed Service Provider Is GDPR Compliant

GDPR Compliant IT Managed Service Provider Feature Image

Before hiring an IT managed service provider you need to make sure they are GPDR compliant, and capable of making sure your business technology is compliant too. You can’t afford not to.

With the recent GDPR regulations that came into effect in May, no matter how big or small your business is, you still need to comply.

But, that’s not all. 

Under the GDPR, any 3rd parties that handle sensitive information on your behalf are processors, and your duty is to make sure they know their responsibilities too. Your service provider falls into that category. Here are 10 signs that indicate they have taken the appropriate measures to be GDPR complaint as well.

1. They can answer your questions on GDPR and how it relates to technology. 

Your GDPR compliant IT managed service provider (MSP) should be able to provide clear answers to any inquiries related to the GDPR. They should have details on the type of data they manage and how it’s being stored, processed, and protected.

They should be able to explain what steps they are taking to ensure that data is safe, and they will be able to provide you with proof of how they are doing that.

Then, they should be able to explain how they can help your specific business do the same. 

2. Their GDPR compliance is reflected in their contracts 

To ensure that they are compliant, your managed service provider should have included GDPR principles into their contracts. Since they are exchanging data with you, the contract should reflect the GDPR regulations. If you have an ongoing contract with your MSP and it wasn’t updated yet, contact them ASAP and demand the update.

They should also have an up-to-date and compliant privacy policy. 

3. They are ICO registered 

Most MSPs will need to register with the ICO, some will need to pay a fee while others won’t. Only data controllers have to pay the fee, and if that applies to them you should be able to find them on the ICO public register

Note: It’s highly likely they will need to be registered with the ICO. However, this is not always the case with every business. If they aren’t registered they should be able to demonstrate why they are exempt. 

4. They honor new personal data rights

GDPR clearly states that individuals are the owners of their data and have specific rights pertaining to their data:

  • They have the “right to be forgotten” and can request that all their data be erased. When such a request is received, it should be solved within a month.
  • They should be informed about any usage of their data.
  • They have the right to request copies of their data.
  • They also have the right to correct any data collected on them.

MSPs should have policies in place that honor every single one of these rights. Although this places an extra burden on how they are handling data, not adhering to it can jeopardise them and the data they are processing.

5. They understand GDPR compliant tools

Since your MSP regularly exchanges data with you and others, they should ensure that data can never be accessed by an unauthorised party. This can be done through encryption and other security policies that keep data safe wherever it is.

Now imagine your MSP is storing data outside of the EU their data centres are located in the US. Because they are still handling data from EU citizens, it still falls under the GDPR jurisdiction and should be treated as such. This means that no matter the location, that data should be protected in a compliant way.

7. They have updated their own practices

It’s easy to say you’re compliant but often companies will still be using their original bad practices. For example, automatic opt-ins, ignoring erasure requests, or using old lists without the proper consent. 

8. Understand their own processes that collect and store data

Your MSP should be able to tell you which stages of their process they collect data, how it’s stored and in what way it is used. That should be part of their road to compliance. If they can’t they may not have been as thorough as they first appear. 

Signs Your IT Managed Service Provider is NOT GDPR Compliant

1. They say “GDPR doesn’t apply” 

This can be a major red flag. Because in most circumstances it will apply to some degree or another. Those who aren’t compliant often use this as an excuse but ignorance won’t stop their fines (or yours) if you work with them. 

2. They aren’t willing to sign data processing agreements

A data processing agreement is needed for data controllers to use a data processor under Article 28. If this applies and your MSP is unwilling to sign, AVOID! 

3. They have a ‘GDPR certification’ 

At present (Dec, 2018) there is no form of official GDPR certification/qualification or body of official training that gives this any weight. Of course, there are many training programs which can be helpful in providing education, but you cannot be ‘GDPR certified’ or ‘GDPR qualified’ as a company (yet.) This ‘qualification’ or training does not equal compliance. 

Hopefully this has made it easier for you to determine the fact from the fiction when it comes to finding a GDPR compliant IT managed service provider! 

If you wish to make sure your data is safe and compliant, we can help. Contact us today and let us help you set up the highest security standards for all your data requirements.