GDPR and your website
May 17th, 2018
What is the GDPR?
The EU General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 and has been designed to unify data privacy laws across Europe and give greater protection and rights to individuals.
Basically, if you are a business that offers goods and services to citizens of the EU, you need to look after their personal data, or you may receive a fine if there is a breach.
Types of data that fall under the General Data Protection Regulation:
- Email address
- Social media posts
- IP address
- Bank details
- Personal medical records
The regulation specifies that both data processors and data controllers will be impacted by the GDPR. This means that information stored in the “cloud” or in a separate physical location is still subject to the same penalties. Heavy fines will be levied against any business that does not meet the guidelines set forth by the GDPR.
A significant part of GDPR is about transparency and informing individuals about what and how their personal data is being used, by whom and for how long.
Provable consent must be given by an individual before their data can be processed, and the data must only be used for the purposes for which consent has been given. For example, if someone contacts you through your website with an enquiry, that does not give you permission to add them to your email marketing list. Individuals must also be able to withdraw their consent at any time.
How does this affect my website?
If your website has any of the following, you will need to make some changes:
- Contact form
- Registration form
- Members area
- Online shop
- Mailing list sign up
Key things to do to ensure you are meeting the guidelines:
- Make it easy for users to contact you to request removal of data
- Avoid storing unnecessary data in your website database (e.g. contact enquiries)
- Ensure double opt-in on mailing list sign ups
- Ask subscribers to opt-in to your mailing list again (if your list is more than just current customers/clients)
- Review your own data practices (data audit/data map)
- Ensure your website plugins and software are kept up to date frequently
- Ensure you have adequate website security
- Install an SSL certificate if you haven’t got one
- Always use strong passwords for any logins and change them regularly if you can
What about my mailing list?
If you need help making the changes to your website, please contact us today.
Please note that the information in this article is only a guide and you are advised to contact a lawyer or the ICO direct if you require further advice about GDPR.