What Is GDPR?
GDPR is a new EU-wide regulation that came into effect on 25th May 2018. The regulation is concerned with ensuring consumer’s personal details are kept safe. For the UK, the ICO (Information Commissioner’s Office) have put together full details that you can view. This is quite detailed and for some people it is difficult to find clear information. This blog post will hopefully help to highlight some key points. Please note that we are not lawyers and this post does not constitute legal advice.
Do You Need to Worry About It?
Yes. The regulation applies to all businesses – from one-man start-ups, through to large multi-nationals. There are (potentially large) fines for non-compliance. However, as you can see in this BBC article, the ICO have said the large fines will apply to global companies and that they understand companies will take time to comply.
It has also been confirmed that after Brexit happens, the regulation will still apply to the UK.
What Changes Do You Need to Make to Your Website?
For your website, you need to look at all aspects that relate to personal data and ensure it complies with the regulation. This includes:
- Ensuring your privacy policies have relevant clauses in them. These need to cover data collection, data retention and cookies.
- Ensuring that your data is adequately protected. Whilst the regulation doesn’t explicitly state how, a key thing is making sure that an SSL certificate is in place for data encryption.
- Making sure that ‘active consent’ is given by the visitor. An example of active consent is a with a checkbox – which must be unchecked as default.
- Ensuring that your website has the capability to supply data if requested and be able handle the right to be forgotten.
- Making sure that you have a data protection officer in place and that you have a defined process for handling a data breach.
Are There Any Other Changes Required?
Yes. GDPR does not just apply to websites – it applies to your business as a whole. So, you need to consider emails, paper documents, filing systems and more – everywhere where personal data resides. You must also maintain certain documentation – see the ICO guide on GDPR documentation which has some useful templates.
If you haven’t already made changes to ensure your website is compliant, you need to progress these soon as the regulation came into effect on 25th May! The good news is that in most cases the changes websites require are straight forward and thus the cost to make them is fairly low.
We are pleased to offer a free GDPR audit that focuses on the key aspects that apply to websites. Please contact us if you are interested in this or are looking for any other assistance with your website.