Your Website and GDPR


What is the impact of GDPR on your website?

There is lots of talk about GDPR, with some making (in our opinion) ridiculous claims that they can update your website for GDPR for very little money, without even seeing your website or knowing your needs (a “one size fits all” method).

It would be worth explaining what GDPR actually is and how it would affect every business, no matter what size they are.

What is GDPR?

GDPR stands for General Data Protection Regulation and will replace the current Data Protection Act 1998 once Parliament finishes processing the Data Protection Bill.

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

The EU General Data Protection Regulation comes into effect on the 25th May 2018.

This means that any business holding or using the ‘personal data’ of EU citizens must have a policy in place regarding the data they collect, what they use it for and how long they hold onto it.

If you collect any information there must be clear consent to do so, for the reasons declared.

You can read more on the EU GDPR Website.

What is ‘Personal Data’?

This is a very good question and one that is discussed a lot.
Personal Data is anything that can be used to identify an individual. Some basic examples of the kinds of data would be:

  • Name
  • Address
  • Phone Number(s)
  • Email Address
  • Date of Birth

It can also extend to more technical information, like the IP address of a user’s Internet connection (this is the number that is given to each PC on the internet).

I’m a small business. How does GDPR affect me?

Every business collects and holds some form of information about their customers. From the moment someone enquires about your services you’re collecting information about them. It needs to be clear to customers what information you’re collecting, what it will be used for and how long you keep this information for.

How does this affect my website?

Your website is one of the primary ways that you would be collecting and storing this information. Even if your website has a simple contact form on it you would need policies in place to let people know how you handle their Personal Data.

You also need to make sure your website is secure.
In October 2017 browsers like Google Chrome implemented warnings that tell visitors to a website if it’s not secure. We published 2 news articles last year, “Switching from HTTP to HTTPS” and “New Version of Google Chrome means majority of websites need to use HTTPS”, which give more details.
Making your website secure will be vitally important to help protect the information you’re collecting on the website.

I have a mailing list. How does GDPR affect me?

If, as part of the process, you allow someone to join your mailing list, this must be an explicit opt-in. This means that they have to tick a box to be added to the list, rather than (as previously) the box being ticked by default.

They should also have the ability to easily opt-out at any moment they choose. Most e-newsletter services have these systems in place, including the one we use.

What should I do next?

We’re not GDPR experts and don’t claim to be, but we can give you the following hints which might help:

  1. Think about the information you collect about customers and potential customers and how you collect it – Do you need to collect all the information?
  2. Think about where you store this information – many businesses use 3rd party providers for things like CRM, Accounting and even their website and emails. What are the GDPR policies of these providers?
  3. Think about how long you need to keep this information and when to delete it.
  4. What will you do if someone requests you delete their information?
  5. Create and publish a policy (on your website maybe) giving details of these processes.

If we can help you with your website regarding this please do contact us and we can give you more information.
