What does GDPR mean for your website?
If you own a business website, it's essential that you're up to date with the General Data Protection Regulation (GDPR). It represents four years of EU-wide effort to bring data protection law up to date for an increasingly digital world.
What does GDPR mean? GDPR gives people a far greater degree of control over how organisations collect, store and use their personal data. Crucially, it also brings in hefty fines for any business that breaks the rules, including failing to protect personal data properly or failing to report a data breach. It applies all across the EU - so Brexit isn't a 'get out of jail' card!
Why has GDPR been brought into law?
Basically, the pace of change online means that organisations have been able to use - and sometimes abuse - personal data in ways never dreamed of when the original data protection laws were created across the EU. The tech giants and the Cambridge Analytica scandal are just two notable reference points! GDPR also standardises regulation across the EU as a whole, so that every member state takes a consistent approach. At the same time, the new regulation gives organisations far greater clarity over how they need to behave.
When does GDPR come into effect?
The GDPR is enforced across all EU member states as of 25th May 2018. It's a regulation rather than a directive - which means it applies directly in the UK without needing a separate UK act to implement it.
What happens if my business doesn't comply with GDPR?
Hefty fines can be levied if your business is found not to be compliant - for example if you process data without a lawful basis, fail to keep it secure, or fail to notify a data breach. The maximum fine is 20 million euros or 4% of the business's worldwide annual turnover, whichever is higher.
Who does GDPR apply to?
GDPR applies to all organisations that control or process personal data. Data controllers decide why and how personal data is gathered and processed; data processors carry out that processing on a controller's behalf (a hosting company or email marketing service, for example). So the regulation applies to all businesses - profit or non-profit - as well as government organisations and charities that deal with any kind of personal data. It also reaches organisations outside the EU if they offer goods or services to people in the EU or monitor their behaviour. Data controllers who outsource work to processors retain responsibility for the compliance of their customer data, and need a written contract with each processor.
What does data processing look like within GDPR?
The key principle is that controllers must ensure that all personal data they hold is processed lawfully, transparently and for a clear and defined purpose, and that they hold no more of it than that purpose needs. Crucially, once that purpose has been achieved, the data should be deleted rather than kept 'just in case'.
The question of consent
One highly visible and vital aspect of the new regulation is the issue of consent. Pre-ticked consent boxes simply won't suffice anymore. Consent to data usage must now be a clear, affirmative action by the customer, given separately for each distinct purpose. If you have started to receive emails from subscriber lists you follow asking whether you want to continue to receive communications, this is an example of GDPR being implemented. The controller must keep a full record of when consent was obtained from an individual and what they were told at the time. The individual can withdraw that consent at any point - withdrawing must be as easy as giving it - and the withdrawal must be honoured.
What is personal data now?
The definition of personal data has greatly expanded: it now explicitly covers online identifiers such as IP addresses and cookie IDs, so ordinary web server logs can contain personal data. It can also include cultural, mental health and economic information, and special categories such as health data attract stricter rules.
The right to be forgotten
GDPR also introduces the right to be forgotten (the right to erasure), which allows individuals to request that their personal data be wholly and completely deleted from your records, including any copies held by your processors. The right is not absolute - you can keep data you are legally obliged to retain - but you must respond to the request without undue delay. Remember, if the regulation is not followed, heavy fines can follow.
Get the help that you need
If you aren't yet up to speed with the changes needed on your business website before the new regulation goes live in May, we are offering a website GDPR 7-point update for just £99. Get in touch if you want to know more.