Heads up! Here comes some important information…
If you have a website you need to read this way before the 25th May 2018!
The new General Data Protection Regulation (GDPR) applies to businesses of all sizes! It doesn’t matter what your website is about, it doesn’t matter if you are a business or not – the GDPR applies to anyone who handles personal data.
Before I give you the information you need to know about the GDPR and a website, I’m going to get straight to the point – data breaches and the fines!
Why do people have to understand and implement the GDPR?
If you handle people’s data you have two options:
- Understand and comply with the new GDPR.
- Don’t comply and face extortionate fines!
If there is a data breach, you could face a fine of up to £17m (€20m) or 4% of your global turnover, whichever is greater.
Data is everywhere!
Look on your computer, on your phone or other devices. Look on your desk, on your noticeboard and in your bag – even your bin! (yes… your bin – any phone numbers written on a scrap piece of paper?)
Here is my big top tip… buy a paper shredder if you haven’t got one.
What qualifies as ‘personal data’?
- A name
- An address
- A phone number
- An email address
- Account details
- Sensitive information
- Security details
- A business card
- Any piece of information that is connected to a person
The GDPR can seem a little bit radical and over the top, but I will simplify it for you and touch on the most relevant aspects. As a business owner and/or service provider, you have a responsibility to make sure you understand the EU GDPR and how to be compliant.
Here it comes…
What is the GDPR?
The GDPR is the most important change in data privacy regulation in 20 years. The new regulation will replace the current Data Protection Act (DPA).
The GDPR will help take care of people – it will protect people’s online and offline existence. For example, a website that captures people’s information, or a name and address written on a piece of paper.
It is a regulation by which the European Parliament and the council of the European Commission intend to strengthen and unify data protection for all individuals within the European Union. The GDPR will come into force on the 25th May 2018.
What are the implications for collecting data on a website?
After the 25th May, when people go to a website and the website owner collects information about that person (for example, email addresses or contact details), the website owner becomes exposed to a potential data breach.
So… remember, data can be a liability: unless you need it, don’t keep it.
A website owner needs to know what data is being captured and stored on their website and what is being done with that data. Most importantly of all, does the website owner have permission to store that information?
Use the following list to make sure you and your website are ready for the GDPR:
- Is your business registered with the Information Commissioner’s Office (ICO)? If not, it should be. How to register with the ICO
- Make sure that you have an SSL (secure sockets layer) certificate or equivalent on your website
- Use OPT-IN tick boxes (unticked by default) and unsubscribe facilities for features such as emails, newsletter signups or information being passed to a third party
- User account creation – if your website is an ecommerce site or allows a user to set up an account for access to services behind a login area, you will need to ensure that you have the SSL installed and also work towards storing the data in pseudonymised form (keep the directly identifying details separate from the rest of the record)
- Enquiry or contact forms – make sure the SSL is installed
- Social media comments or feedback on your website – check what information the person has put in the comment box, an email address for example
- Testimonials on your website – make sure you have permission to use the name or any other details of the person who has written the testimonial
- Customer Relationship Management (CRM) – check whether data captured on your website goes to your CRM; if it does, keep a record of it
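As an added example (my own Python, not code from this post), here is what the opt-in, pseudonymised-account and unsubscribe items above look like in practice: contact details are held in a separate, access-restricted vault, everything else is keyed by an HMAC pseudonym, consent is only recorded when the box was actually ticked, and what goes to the CRM carries no direct identifiers. The key handling and store layout are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

# Assumed: secret kept in a key store, never beside the records themselves.
# Without this key, a leaked profile table cannot be linked back to e-mails.
PSEUDONYM_KEY = secrets.token_bytes(32)


def pseudonym(email: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed hash: same person -> same id, but not reversible or guessable."""
    return hmac.new(key, email.strip().lower().encode(), hashlib.sha256).hexdigest()


class AccountStore:
    def __init__(self):
        self.vault = {}     # pseudonym -> directly identifying contact details
        self.profiles = {}  # pseudonym -> consent flags, orders (pseudonymised)

    def register(self, email: str, name: str, newsletter_opt_in: bool = False) -> str:
        pid = pseudonym(email)
        self.vault[pid] = {"email": email, "name": name}
        consent = None
        if newsletter_opt_in:  # box is unticked by default: no consent unless ticked
            consent = {"given_at": datetime.now(timezone.utc).isoformat(),
                       "source": "signup form"}
        self.profiles[pid] = {"newsletter_consent": consent, "orders": []}
        return pid

    def unsubscribe(self, email: str) -> None:
        self.profiles[pseudonym(email)]["newsletter_consent"] = None

    def newsletter_recipients(self) -> list:
        # Only resolve pseudonyms back to addresses for people who opted in.
        return [self.vault[p]["email"]
                for p, prof in self.profiles.items() if prof["newsletter_consent"]]

    def crm_export(self) -> dict:
        # What leaves for the CRM: pseudonymous profiles, no names or e-mails.
        return {p: dict(prof) for p, prof in self.profiles.items()}

    def erase(self, email: str) -> None:
        # Deletion request: remove both halves of the record.
        pid = pseudonym(email)
        self.vault.pop(pid, None)
        self.profiles.pop(pid, None)
```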
How to be compliant with the new data protection regulation
- Educate yourself and any staff about the GDPR. Do you need a Data Protection Officer (DPO)? Who are your data controllers and data processors within the company?
- Be compliant, be prepared and put procedures in place
- Know your data. What data do you store now? Document, centralize, audit and make your data easily accessible. Keep that information safe!
- Don’t get complacent with your website – know what data is on there all the time and record it
- Report a data breach within 72 hours – have all the details about what happened and when ready for the investigation. If you can prove that you have been GDPR compliant, you shouldn’t have a problem
- How long can you keep data? There are different variables to consider; find out what applies to you and your business
The GDPR is not optional. A business owner or website owner is ultimately responsible for making sure their company and any employees are GDPR compliant.
When it comes to personal data, if you know what you are doing you will be fine – not fined!
So there you have it and what’s more… to gain a complete knowledge and understanding of the GDPR you can read the full document here.
If you have any concerns about your website or you think it’s about time to have an online facelift give me a call on 01525 307164. We can discuss a new website for you and your brand or add a blog page to help with SEO.