What is GDPR and why your website should be GDPR compliant
GDPR – or General Data Protection Regulation – has been in the press a lot recently and with it not being too long until it comes into effect, your business needs to be as up to date with all the changes as well as being fully compliant with the new regulations. It’s important to know the basics of GDPR and how your website could be affected by it.
NB: This article is not exhaustive and does not constitute legal advice. Any legislative concerns about the effect on your business should be brought to a certified GDPR practitioner or a solicitor.
So, What Is GDPR?
The rules concerning the privacy and security of personal data for EU citizens is a big deal and the General Data Protection Regulation (GDPR) is that new set of rules. These are the rules that aim to improve how people control their data, which means that those who want to access information that businesses hold about them have new rights. There is also an increase in the accountability surrounding data management and there are fines for businesses that do not comply with those rules.
Currently, the existing Data Protection Directive from 1995 is outdated, and the new GDPR will replace this. GDPR compliance is therefore crucial to your business and the future relationship that you have with customers.
What Is The Effect Of GDPR On Your Business?
GDPR surrounds the safeguarding of personal data, which is why the rules state that individuals have the right to access, correct, delete and restrict the use of information that could be used to identify them. Everyone deserves to know what data is held with each company and as a business, you have a responsibility of protecting this data. The most important thing is that you gain specific consent from people before you use their data in a specific way – most commonly for marketing purposes.
Businesses that are not GDPR compliant and fail to follow the new rules are subjected to fines, but this isn’t something a business should panic about initially. Some of the fines have been subjected to scaremongering, but the fine surrounds 4% of the annual turnover or a £17million total fine amount. For the most part, fines are a last resort for the ICO and are less likely to be given to those who try to put the rules in place and fail compared to those who blatantly ignore the rules.
Why Your Website Takes Centre Stage
Your business has access to a lot of information, so it makes sense that your website is overlooked occasionally. Your website is continuously gathering information from people – from surveys and email lists to new product sign-ups and subscriptions. Your website will continuously attract data no matter what the purpose of your website is, so you’re responsible for your website and what happens to its data.
So, how can you make sure that your business is GDPR Compliant?
Revise all website forms
The biggest area of importance for GDPR is consent. You cannot assume that visitors want you to have their data and use it the way that you see fit any longer; you must ask, especially where forms are concerned.
Any time someone chooses to fill out a form on your website, you need to give them the option to choose whether they want you to hold their data or not. Consent is very important, and you should give them the chance to refuse to keep their information. Visitors actively opting in to marketing communications are the ones that you can contact, so be very clear about what you want people to consent to when using your site.
Updating your website forms to remain compliant is crucial to your business remaining GDPR compliant for new customers. For existing customers, you have to have had their permission to contact them with a clear record of their consent. It’s a big job, but auditing your existing database is crucial.
Review your cookies notice
Cookies are those little data files that store in the web browser of a user every time they visit a website. They’re used for data collection and to improve the user experience of the site. Most businesses use third-party tools to collect data and which generate cookies that collect the personal data from website visitors.
Different cookies used should always be written into your website policy and you have to give the user the chance to accept those cookies onto their site. This is important, because you cannot assume consent of data use just because someone is on your web page.
Encrypt your website
SSL certification is important as an essential security measure for GDPR compliance. This is particularly important if your website is ecommerce.
SSL encryption – as you know – adds a layer of security on your website by sending information over a secure connection. Personal data is then unreadable and much harder to access by hackers. However, if you do not have SSL encryption on your iste, you are exposing the data of everyone that you hold in your cookies and your cloud.
SSL certifications also help you to rank well in Google search results, attracting customers who are knowingly using your site.