The deadline for GDPR Compliance is 25 May, 2018 - make sure it's marked in your diary
If you haven't heard about GDPR, or started preparing your business's website for the changes yet, now is the time to start. The name may not sound like much, but GDPR stands for 'General Data Protection Regulation', and it carries a great deal of weight.
GDPR in a nutshell
Ultimately, GDPR is being implemented to set new standards for the collection and processing of personal data by companies and organisations, in order to strengthen data protection in the EU. This benefits the individual whose data is being stored: it gives them the right to know what information is held about them, to control how it is used, and to retrieve, correct or delete it.
Although this was decided by the European Parliament and the UK has chosen to leave the EU, it still very much applies to businesses here. It comes into force a considerable time before the exit actually takes place, and even if it didn't, it would still apply to the personal data of anyone in the EU, which most companies will certainly handle.
If you do not comply with GDPR from the set deadline (25th May 2018) you are putting yourself at risk of damaging fines: up to €20 million or 4% of global annual turnover, whichever is higher. Even if your site is built, maintained or hosted by a different company, responsibility for the personal data it collects rests with your business as the data controller, not with those who supplied the site (the supplier has its own obligations as a processor, but that does not transfer yours). You are therefore accountable for any breaches; it's not worth taking the risk, so learn today how you can start preparing.
Who does this affect?
Data 'Controllers' and 'Processors' will be affected by this update.
If your site at some point collects data from users and stores it in a database (for whatever reason) you are considered a data controller under GDPR. This could be in the form of cookies, forms that collect contact details, login credentials and so on. E-commerce sites are especially affected by GDPR because they hold customers' order and payment details (card numbers themselves are best left with a payment provider rather than stored on your own site).
In order to store this data about users of your site, you need their consent to do so (or another lawful basis recognised by GDPR, such as a contract with them), and you must make them aware of what you are storing and justify why.
GDPR states that a site should cover the following:
Tell the user: who you are, why you collect the data, for how long and who receives it
Get clear consent before collecting their data
Let users access their data, and take it with them
Let users delete or amend their data
Let users know if data breaches occur
What you can do to become compliant
Obtain consent from users
Before requesting and/or storing data about users who visit your site, you must obtain consent from them. This can be done with a pop-up or notice explaining what you are collecting, why, and what their options are, with a checkbox asking whether they consent to this information being stored. The checkbox must be unticked by default: a pre-ticked box, silence or simply continuing to browse does not count as consent under GDPR, and withdrawing consent must be as easy as giving it. Keep a record of who consented, to what, when, and which version of your notice they were shown.
Know your plugins and keep them updated
If your site is built using third-party plugins you are relying on their authors to handle personal data correctly, and any plugin that sends data to another company makes that company a processor you need a written agreement with. Try to avoid these types of plugins, or find an alternative if the ones you are using do not follow the guidelines of GDPR.
You must also ensure that all plugins are kept updated on a frequent basis so that their scripts and files are the latest versions. Out-of-date files, scripts and database software are easy entry points for malware and attackers to compromise a website, and a compromised site means a data breach that you then have to report.
Allow users to access their data
One of the key points in GDPR is that users whose data you have collected have the ability to access it, delete it and/or change it. If you are not providing the functionality to do this on your site (or at least a documented way to request it), you are not being compliant. Make sure that whoever asks for a copy of the data is verified as the person it belongs to; otherwise the access feature itself becomes a way to leak data.
Transfer to HTTPS
For users to be comfortable with your site receiving sensitive data about them, and to meet GDPR's requirement for appropriate security of personal data, you must serve the site over HTTPS with a valid TLS certificate (still commonly called an SSL certificate), so that form submissions and login credentials are encrypted in transit. Sending personal data over plain HTTP is hard to defend as an appropriate security measure and leaves you open to enforcement action.
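Buying the certificate is the easy part; the pieces that usually get missed are on the server. The following is an added example, not code from the original article: plain Node.js (no framework) showing an HTTP-to-HTTPS redirect built from a fixed host name, a proxy header that is trusted only deliberately, an HSTS header, and a login cookie that the browser will only ever send over HTTPS. The host name, cookie name and header values are assumptions for illustration.

```javascript
// Added example, not code from the original article. Plain Node.js, no
// framework; the host name, cookie name and header values are assumptions.

// The one host name the site should be reached on. The redirect target is built
// from this constant, never from the incoming Host header, so a forged Host
// cannot turn the HTTP-to-HTTPS redirect into an open redirect.
const CANONICAL_HOST = 'www.example.com';

// Set to true only when a reverse proxy or load balancer terminates TLS in
// front of the app and is the only thing that can reach it; otherwise any
// client could claim "X-Forwarded-Proto: https" and skip the redirect.
const TRUST_PROXY = false;

function isHttps(req, trustProxy = TRUST_PROXY) {
  if (req.socket && req.socket.encrypted) return true;
  if (trustProxy) {
    const proto = String(req.headers['x-forwarded-proto'] || '').split(',')[0].trim().toLowerCase();
    return proto === 'https';
  }
  return false;
}

// Keep the path and query, drop anything that is not a path (an absolute URL in
// the request line would otherwise be pasted straight after the host name).
function redirectLocation(req) {
  const path = typeof req.url === 'string' && req.url.startsWith('/') ? req.url : '/';
  return `https://${CANONICAL_HOST}${path}`;
}

// Headers every HTTPS response should carry. HSTS makes the browser refuse plain
// HTTP for a year, so the redirect only ever happens on a first visit. Only use
// includeSubDomains once every subdomain really is served over HTTPS.
function securityHeaders() {
  return {
    'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
    'Content-Type': 'text/plain; charset=utf-8',
  };
}

// A session cookie the browser will only send over HTTPS and that page scripts
// cannot read. Without Secure, a login cookie leaks the moment a user follows
// an http:// link to the site, redirect or not.
function sessionCookie(value) {
  if (!/^[A-Za-z0-9_-]+$/.test(value)) throw new Error('cookie value must be a plain token');
  return `session=${value}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

function handle(req, res) {
  if (!isHttps(req)) {
    res.writeHead(301, { Location: redirectLocation(req) });
    res.end();
    return;
  }
  res.writeHead(200, { ...securityHeaders(), 'Set-Cookie': sessionCookie('example-session-token') });
  res.end('served over HTTPS\n');
}

// To run: terminate TLS with your certificate (https.createServer with key and
// cert, or a proxy in front) and pass `handle` as the request listener. This
// example deliberately does not start a listener itself.
module.exports = { isHttps, redirectLocation, securityHeaders, sessionCookie, handle };
```

If you are on shared hosting or a managed platform the same four checks still apply: confirm that an http:// request to any page ends up on https:// on your own host name, that the HSTS header is present, and that the session cookie carries the Secure flag.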
Although we hope this has helped you find your feet with GDPR, it is just a starting point. Time is running out with 25th May looming; to avoid falling behind, you need to start preparing for the change now.
If you're not feeling comfortable with the facts and what to do next, we advise you to speak to someone who knows what they're talking about, like us. You can contact us on 01536 560555 or fill out our Request a Callback form and we will get in touch at a time that suits you.