There is lots of talk about GDPR, including (in our opinion) ridiculous claims that your website can be updated for GDPR for very little money, without anyone even seeing your website or knowing your needs (a “one size fits all” method).
It would be worth explaining what GDPR actually is and how it would affect every business, no matter what size they are.
GDPR stands for General Data Protection Regulation and will replace the current Data Protection Act 1998 once Parliament finishes processing the Data Protection Bill.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
The EU General Data Protection Regulation comes into effect on the 25th May 2018.
This means that any business holding or using the ‘personal data’ of EU citizens must have a policy in place regarding the data they collect, what they use it for and how long they hold onto it.
If you collect any information there must be clear consent to do so, for the reasons declared.
You can read more on the EU GDPR Website.
This is a very good question and one that is discussed a lot.
Personal Data is anything that can be used to identify an individual. Some basic examples of the kinds of data would be:
It can also extend to more technical information, like the IP address of a user's Internet connection (this is the number that is given to each PC on the internet).
Every business collects and holds some form of information about their customers. From the moment someone enquires about your services you’re collecting information about them. It needs to be clear to customers what information you’re collecting, what it will be used for and how long you keep this information for.
Your website is one of the primary ways that you would be collecting and storing this information. Even if your website has a simple contact form on it, you would need policies in place to let people know how you handle their Personal Data.
You also need to make sure your website is secure.
In October 2017 browsers like Google Chrome implemented warnings that tell visitors to a website if it’s not secure. We published 2 news articles last year, “Switching from HTTP to HTTPS” and “New Version of Google Chrome means majority of websites need to use HTTPS”, which give more details.
Making your website secure will be vitally important to help protect the information you’re collecting on the website.
If, as part of the process, you allow someone to join your mailing list, this must be an explicit opt-in. This means that they have to tick a box to be added to the list, rather than (as previously) the box being ticked by default.
They should also have the ability to easily opt-out at any moment they choose. Most e-newsletter services have these systems in place, including the one we use.
We’re not GDPR experts and don’t claim to be but we can give you the following hints which might help:
If we can help you with your website regarding this please do contact us and we can give you more information.