It’s Time to Get Your Website Ready for GDPR.
‘I love deadlines. I like the whooshing sound they make as they fly by.’
It’s an oft-used quote from the late (great) Douglas Adams, referencing the certain mischievous delight he took in missing his writing deadlines.
An amusing quote from a very amusing man. But not a credo I would recommend you follow in your business.
One deadline, in particular, that we’d urge you not to miss, is that of the General Data Protection Regulation (GDPR), which will come into force on the 25th May 2018. If you collect and store data from your clients, via your website or any other means, then it’s something to which you need to be paying real attention.
GDPR is a new EU regulation that organisations will have to comply with in relation to the way they gather, store, and protect personal data about clients, whether that data sits in your company CRM system, is collected through other digital platforms or web applications, or is held by any other means.
Superseding the regime behind the current Data Protection Act 1998, GDPR will apply directly in every member state of the EU. Compliance is mandatory, and the implications for those found to be in breach are potentially serious.
And, yes, that means UK companies, too.
Article 50 may have been triggered, but the UK will still be bound by the new law. First, because we must comply with all EU regulations up until the time that the exit is formally ratified, which will be 2019 at the earliest. Second, because the regulation applies to any company that uses, collects, or stores the personal data of individuals in the EU, wherever that company is based.
GDPR and websites
The new legislation sets out some far-reaching and important requirements that website owners and their staff will have to understand and make provision for.
Which is why we can only reinforce the point that preparing now could avoid some major headaches closer to the deadline.
In the section below, we’ll outline the key issues that you’ll need to action to ensure compliance.
Ensure your Info is Accurate and Up-to-Date
If an individual tells you that the information you hold about them is incorrect, mistaken, or out of date, you must rectify it, and record the change so that there is a transparent audit trail.
Ensure your policies reflect the legal rights of individuals to access all the data you hold about them, to restrict marketing and profiling, and to have their data erased. Where you rely on consent for processing, that consent must be freely given, and requests to exercise these rights must be handled without obstruction or hindrance.
Updated Privacy Notifications
All privacy notifications must be updated to reflect new changes in the law while ensuring that all relevant information is adequately disclosed whenever data is shared.
Security of personal data is extremely important in an era of digital crime and cyber-attack. GDPR heightens the responsibility on organisations to carry out thorough due diligence on their security measures, and to have adequate recovery and reporting in place, including notifying the supervisory authority of a personal data breach within 72 hours of becoming aware of it.
Suitable Data Protection Representation
Organisations whose activities require it (public authorities, and those whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special categories of data) must appoint a Data Protection Officer; either an in-house employee or an external, trusted third party. Even where a DPO is not mandatory, someone in the organisation should be clearly responsible for data protection.
Ignorance is Not a Defence
You need to ensure that any staff member who has responsibility for the collation, storing, sharing, or protecting of personal data is aware of their obligations under GDPR.
GDPR will take effect on 25th May 2018. It’s compulsory, and non-compliance will come with some stiff penalties: fines of up to €20 million or 4% of global annual turnover, whichever is higher.
And it’s something you need to be getting ready for sooner rather than later.
Posted by Gareth Hill on 11 July 2017 at 10:00 AM