The New GDPR Regulations and how to make your Website Compliant
Apr 06, 2018
The GDPR (General Data Protection Regulation) is a new EU regulation that strengthens data protection for EU citizens and residents. Essentially, it ensures that businesses offering their products and services to customers in the EU are looking after their personal data correctly.
The new regulations are of importance to anyone who collects and processes personal data from their customers. This includes organisations that run websites and apps as well as internal databases, CRMs and email.
The entirety of the GDPR is a huge document, so in case you don’t fancy reading through that, we’ve highlighted the most important parts to help you come to terms with the new regulations instead. The maximum penalty for not following the rules is €20 million, or 4% of your global turnover, so it’s vital that it’s taken seriously. The legislation will be enforced from 25th May 2018.
Consent
Obtaining consent is a key part of the new GDPR legislation. It is vital that any website that collects personal data gets specific permission to use it. Anyone who visits your website must understand exactly how you plan to use their data, and they must agree to each specific purpose separately. If you are storing a customer’s email address because they have placed an order, you can only send marketing information to them if they have agreed to that as well.
Privacy and cookie notices may need looking at to ensure they comply with the GDPR rules. They need to be simple and easy to understand, and free of any jargon.
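The point above is that consent is per purpose, affirmative, and can be withdrawn later. The following is an added example (not code from the original article or from The Creation Lab) showing one way to record consent so that each purpose is checked on its own before use; the record layout, purpose names and customer data are assumptions constructed for illustration.

```python
"""Per-purpose consent ledger (added example, not from the original article).

A customer's consent is stored as a series of dated events, one per purpose.
The most recent event for a purpose decides whether consent currently
exists, so a later withdrawal overrides an earlier grant. Purpose names,
the event layout and the sample customers are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class ConsentEvent:
    customer_id: str
    purpose: str          # e.g. "order_processing" or "marketing_email" (assumed names)
    granted: bool         # True = consent given, False = consent withdrawn
    at: datetime          # when the customer made the choice
    source: str           # where it was recorded, e.g. the form name (assumed)


def latest_decision(events: Iterable[ConsentEvent], customer_id: str,
                    purpose: str) -> Optional[ConsentEvent]:
    """Return the most recent consent event for this customer and purpose, if any."""
    matching = [e for e in events
                if e.customer_id == customer_id and e.purpose == purpose]
    if not matching:
        return None
    return max(matching, key=lambda e: e.at)


def has_consent(events: Iterable[ConsentEvent], customer_id: str, purpose: str) -> bool:
    """Consent exists only if the latest recorded decision for that purpose is a grant.

    Silence (no event at all) is never treated as consent.
    """
    decision = latest_decision(events, customer_id, purpose)
    return decision is not None and decision.granted


def marketing_recipients(events: Iterable[ConsentEvent],
                         customer_ids: Iterable[str]) -> List[str]:
    """Filter a customer list down to those who agreed to marketing email specifically."""
    events = list(events)
    return [c for c in customer_ids if has_consent(events, c, "marketing_email")]


# Constructed sample data: three customers who all placed an order.
SAMPLE_EVENTS = [
    # c1 agreed to order processing only: placing an order is not marketing consent.
    ConsentEvent("c1", "order_processing", True, datetime(2018, 5, 25, 9, 0), "checkout form"),
    # c2 ticked the marketing box at checkout, then unsubscribed a week later.
    ConsentEvent("c2", "order_processing", True, datetime(2018, 5, 25, 9, 5), "checkout form"),
    ConsentEvent("c2", "marketing_email", True, datetime(2018, 5, 25, 9, 5), "checkout form"),
    ConsentEvent("c2", "marketing_email", False, datetime(2018, 6, 1, 12, 0), "unsubscribe link"),
    # c3 ticked the marketing box and has not withdrawn.
    ConsentEvent("c3", "order_processing", True, datetime(2018, 5, 26, 14, 0), "checkout form"),
    ConsentEvent("c3", "marketing_email", True, datetime(2018, 5, 26, 14, 0), "checkout form"),
]

if __name__ == "__main__":
    print(marketing_recipients(SAMPLE_EVENTS, ["c1", "c2", "c3"]))
```

The important design choice is that the check is keyed on the purpose, not on the customer: having a customer's email address for an order tells the marketing code nothing, and only an explicit, still-current grant for `marketing_email` lets a message go out.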
Access
The new GDPR legislation means customers must be made aware of who will have access to the personal data stored in the backend of the website. The first step businesses need to take is to work out who this is and put a list together. Look at the list and ask yourself whether each person genuinely needs access to the personal data. Those who don’t should have their permissions withdrawn, with measures put in place to control future access.
There should also be a process for deleting data that is irrelevant or no longer required. Companies are not allowed to hold on to personal data for longer than is necessary.
Businesses should review any external agencies that may have access to their data. Agencies should be able to explain what measures they are taking to maintain maximum security of data. Even if elements of the process are outsourced, it is ultimately the responsibility of the business.
Encryption
The new GDPR legislation means it is vital for any data submitted to your website to be encrypted. Encryption in transit means the data a visitor submits cannot be read by anyone intercepting it between their browser and your server, and you should ensure the necessary measures are taken. Installing an SSL certificate on your website and serving it over HTTPS will ensure that data is encrypted on its way to you.
If your website does not show the padlock symbol in the browser’s address bar, it is not protected by an SSL certificate.
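Checking for the padlock by eye covers the page you are looking at, but a form on an HTTPS page can still post its contents to a plain-HTTP address. The following is an added example (not code from the original article or from The Creation Lab) that audits a page's forms for submission targets that are not HTTPS and checks the page's own transport headers; the page URL, HTML and response headers are constructed samples and the function names are assumptions.

```python
"""Transport-encryption audit for a web page (added example, not from the original article).

Two checks matching the section above: every form on the page must submit
to an HTTPS address, and the page itself should be served over HTTPS with a
Strict-Transport-Security header so browsers keep using the encrypted
version. The sample page URL, HTML and headers are constructed; function
names are assumptions.
"""
from html.parser import HTMLParser
from typing import Dict, List
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collect the action attribute of every <form> on the page."""

    def __init__(self) -> None:
        super().__init__()
        self.actions: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            # attrs is a list of (name, value); value may be None for bare attributes
            self.actions.append(dict(attrs).get("action") or "")


def insecure_form_actions(page_url: str, html: str) -> List[str]:
    """Return the absolute URLs of forms that would submit over something other than HTTPS."""
    parser = _FormCollector()
    parser.feed(html)
    findings = []
    for action in parser.actions:
        # A relative or empty action resolves against the page's own URL,
        # so it inherits the page's scheme.
        target = urljoin(page_url, action)
        if urlsplit(target).scheme != "https":
            findings.append(target)
    return findings


def transport_findings(page_url: str, headers: Dict[str, str]) -> List[str]:
    """Flag a page that is not served over HTTPS or that lacks HSTS."""
    findings = []
    if urlsplit(page_url).scheme != "https":
        findings.append("page is served over plain HTTP")
    lowered = {k.lower(): v for k, v in headers.items()}
    if "strict-transport-security" not in lowered:
        findings.append("no Strict-Transport-Security header")
    return findings


# Constructed sample: an HTTPS checkout page whose contact form is fine but
# whose checkout form still posts to an old plain-HTTP endpoint.
SAMPLE_URL = "https://shop.example.test/checkout"
SAMPLE_HTML = """
<html><body>
  <form action="/contact" method="post"><input name="email"></form>
  <form action="http://legacy.shop.example.test/submit" method="post">
    <input name="card_number">
  </form>
  <form method="post"><input name="search"></form>
</body></html>
"""
SAMPLE_HEADERS = {"Content-Type": "text/html", "Server": "nginx"}

if __name__ == "__main__":
    print(insecure_form_actions(SAMPLE_URL, SAMPLE_HTML))
    print(transport_findings(SAMPLE_URL, SAMPLE_HEADERS))
```

Run this against the HTML and response headers fetched from each page that takes customer input; an empty list from both functions means every form submits over HTTPS and the page tells browsers to stay on HTTPS.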
If your website needs to be made compliant with GDPR legislation, we can help. For more information, get in touch with The Creation Lab team today by giving us a call on 0800 644 7070 or via our contact page.