On 25 May 2018 the General Data Protection Regulation (GDPR) comes into force across the EU. It replaces the 1995 Data Protection Directive on which the UK's current Data Protection Act is based, and as a regulation it applies directly without needing national legislation.
But what exactly does this mean, and how can you ensure your website is compliant?
What is GDPR?
The intention of GDPR is to “strengthen and unify data protection for all individuals within the European Union (EU)”. In basic terms, if your business collects or uses the personal data of anyone in the EU (customers, enquirers, newsletter subscribers, website visitors), you must tell those people, in plain language, what data you collect, what you use it for, who you share it with and how long you keep it. This is usually done in a privacy notice linked from every page that collects data.
You will also need a lawful basis for holding and using each piece of personal data. Consent is the basis most websites rely on for things like mailing lists, and under GDPR consent must be freely given, specific, informed and unambiguous: a clear affirmative action by the customer. Consent buried in massively long terms and conditions that the reader has to accept without reading will no longer count. (Consent is not the only lawful basis; answering an enquiry someone has sent you, for example, can be handled under the "legitimate interests" or "contract" bases, but you still have to tell people what you are doing with their data.)
What are the consequences of ignoring GDPR?
The authorities enforcing GDPR (in the UK, the Information Commissioner's Office) will be able to issue far more severe penalties for breaches of the regulation than under the current Act. There are two tiers of maximum fine:
- Serious breaches (e.g. processing personal data without a lawful basis such as valid consent, or ignoring a customer's rights over their data) can lead to a fine of up to 4% of your company's worldwide annual turnover or €20 million, whichever is higher.
- Less serious cases (e.g. failing to keep adequate records or to notify a data breach) can lead to fines of up to 2% of worldwide annual turnover or €10 million, whichever is higher.
What data does GDPR apply to?
Any information that relates to an identified or identifiable living person. That covers the obvious details such as name, postal address, email address and phone number, but also online identifiers such as IP addresses, cookie IDs and device identifiers, and anything that can be combined with other data to single a person out. Note that data does not need to be "secret" to be personal data: a name in a contact-form submission or an IP address in your web server logs both count.
How is my website affected?
There is no single rule or approach that applies to all websites, but here are a few points that will need to be covered on most businesses’ websites:
- Your website is probably one of the main ways your customers send you enquiries, usually via an online contact form. Because of this you need a privacy notice, linked from the form, that explains what you will do with the data entered, where it will be kept, who can see it and for how long you will store it. Decide on that retention period now and actually delete old enquiries when it expires.
- If you run a mailing list, your customers must opt in to join it rather than having to opt out. A checkbox on your contact form that adds the customer to a mailing list must be unticked by default; a pre-ticked box is not valid consent under GDPR. Record when each person consented and what wording they agreed to, and make it just as easy to unsubscribe as it was to subscribe (an unsubscribe link in every email, not a phone call).
- If your business holds personal data, you need appropriate technical and organisational measures to keep it safe. A good place to start is serving your whole website over HTTPS with a valid TLS (SSL) certificate, so that form submissions are not sent in clear text. Then consider encrypting personal data held in your database, restricting which staff and systems can read it, and not collecting fields you do not actually need.
- Ensure all your employees are up to scratch on the new rules and understand that a personal data breach (lost, stolen or improperly accessed data) must be reported internally straight away. GDPR requires notifiable breaches to be reported to the supervisory authority within 72 hours of your becoming aware of them, and failure to do so can itself lead to fines for the business.
How can I be ready?
To ensure you have a GDPR-compliant website, start by mapping what personal data your site collects and where it ends up, then write the policies you’ll need around that. If a customer asks how you use their data, will you have the answer ready? If a customer asks for a copy of their data, or asks you to remove it, will you be able to do so swiftly (GDPR gives you one month to respond)? Will you know if a breach has happened, and who needs to be told?
GDPR compliance is something that Green Dragon Design can help with. For further information please give us a call on 01822 259345 or send us an email via [email protected]