Does your website comply with the new Data Protection Rules coming into force on the 25th May 2018?
So what is GDPR, I hear you cry, and why does my website need it?
Firstly, the UK relies on the Data Protection Act 1998, which was enacted following the 1995 EU Data Protection Directive, but this will be superseded by the new legislation. It introduces tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their data. It also makes data protection rules more or less identical throughout the EU.
Secondly, the EU wants to give businesses a simpler, clearer legal environment in which to operate, making data protection law identical throughout the single market (the EU estimates this will save businesses a collective €2.3 billion a year).
What counts as personal data on my website under the GDPR?
- When a customer or user fills out an enquiry form on your website, the data is stored and emailed to you.
- When a customer or user registers on your website for information or to buy a product.
- When a customer or user registers to be part of a forum or membership site.
- When a customer or user signs up for a newsletter.
"If you use a health and fitness app on your phone and you sign in using a social media account, the social media account then has access to all your personal data - for example, heart rate, steps taken per day, sleep monitoring, even your sexual activity. They use this data to tailor marketing ads to you and your devices."
What happens if you don't comply?
There are two tiers of administrative fines that can be levied:
1) Up to €10 million, or 2% of annual global turnover – whichever is higher.
2) Up to €20 million, or 4% of annual global turnover – whichever is higher.
Liability for damages
The GDPR also gives individuals the right to compensation for any material and/or non-material damage resulting from an infringement of the GDPR. In certain cases, not-for-profit bodies can bring representative action on behalf of individuals. This opens the door to mass claims in cases of large-scale infringements.
So how can we help you?
We can offer help and advice to align your website with the new GDPR rules.
Your website requires:
- An SSL Certificate, unless you already have one in place.
- Cookie Consent - a mechanism for visitors to accept (or decline) the cookies your website sets to record their usage; for example, 'Google Analytics'.
- Opt in on forms - your customers/users may no longer be opted in to receive information by default; they start opted out and have to actively opt in.
- Terms and Conditions tick box on forms - your customer now has to agree to your terms and conditions by ticking a box, with a link to the said Terms & Conditions alongside it.
- GDPR request personal data - under the new GDPR rules you must offer your customers a simple way to contact you and request what data you hold on them and what you use it for. *
- GDPR Compliant Terms and Conditions - the GDPR requires a compliant set of Terms & Conditions that is tailored to your business and website.
- GDPR Compliant Anti Spam Policy - this is not a GDPR requirement, but we consider it good practice.
- Security and Firewall – if not already installed, we will install and configure the required security and firewall features and perform a malware scan.
- Current Data – we will make you aware of the data currently stored in your website, enabling you to make an informed decision on how to clean it and keep it up to date.
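As an added illustration of three items on this list (cookie consent before analytics loads, an opt-in that defaults to off, and a mandatory Terms & Conditions tick box), the following JavaScript is example code written for this page, not the agency's own implementation. The cookie name `analytics_consent`, the form field names, the `termsVersion` field and the sample inputs are assumptions constructed for the example.

```javascript
// Added example (not the page's or the agency's code): a cookie-consent gate
// for analytics plus a form-submission check for opt-in and Terms & Conditions.
// The cookie name and field names below are assumptions for illustration.

const ANALYTICS_CONSENT_COOKIE = 'analytics_consent'; // assumed cookie name

// Parse a document.cookie-style string ("a=1; b=2") into a name -> value map.
// In a browser pass document.cookie; the tests use constructed strings.
function parseCookies(cookieHeader) {
  const out = {};
  for (const part of cookieHeader.split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    const name = part.slice(0, idx).trim();
    const raw = part.slice(idx + 1).trim();
    if (!name) continue;
    try {
      out[name] = decodeURIComponent(raw);
    } catch (e) {
      out[name] = raw; // malformed percent-encoding: keep the raw value
    }
  }
  return out;
}

// Analytics (for example Google Analytics) may only run after an explicit
// "granted" choice. A missing cookie means no consent, not implied consent.
function analyticsAllowed(cookieHeader) {
  return parseCookies(cookieHeader)[ANALYTICS_CONSENT_COOKIE] === 'granted';
}

// Call once on page load; `loader` is the function that injects the analytics
// script tag. It is never invoked unless consent has been recorded.
function loadAnalyticsIfConsented(cookieHeader, loader) {
  if (!analyticsAllowed(cookieHeader)) return false;
  loader();
  return true;
}

// HTML checkboxes submit "on" when ticked and nothing when unticked, so a
// ticked box is an explicit true or the string "on"/"true". The server cannot
// tell a pre-ticked box from a user's tick: the markup must default to
// unchecked, and this check only confirms the value arrived.
function isTicked(value) {
  return value === true || value === 'on' || value === 'true';
}

// Validate an enquiry/registration submission and, if valid, build the record
// to store. Recording when and which terms version was agreed to lets a later
// "what data do you hold on me" request be answered from the record itself.
function validateSubmission(fields, recordedAt = new Date().toISOString()) {
  const errors = [];
  if (!fields.email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(fields.email)) {
    errors.push('email: a valid address is required');
  }
  if (!isTicked(fields.acceptTerms)) {
    errors.push('acceptTerms: you must tick the box to agree to the Terms & Conditions');
  }
  // Marketing opt-in is optional; anything other than an explicit tick is "no".
  const marketingOptIn = isTicked(fields.marketingOptIn);
  if (errors.length > 0) return { ok: false, errors, record: null };
  return {
    ok: true,
    errors,
    record: {
      email: fields.email,
      marketingOptIn,
      termsAccepted: true,
      termsVersion: fields.termsVersion || 'unversioned', // assumed field
      consentRecordedAt: recordedAt,
    },
  };
}
```

The two halves are independent: the consent gate runs in the page before any analytics tag is injected, while `validateSubmission` can run either before submit or on the server that receives the form, with the same rule in both places that consent is only ever an explicit, positive action.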
Preparing for the General Data Protection Regulation (GDPR)
There are 12 steps you need to take now (see the document).
We have put together a package which includes legal and compliant documents and the required changes/additions to your website to help you on this journey and make it as smooth as possible for you.
If you have an SSL Certificate already in place, then we can get you on the way to being GDPR ready for £