20th of November 2017
You may have heard of GDPR and be worrying about how it might affect your organisation, but it needn’t be seen as something difficult.
In short, the GDPR only affects organisations that store personal data within the EU, or personal data belonging to EU citizens. A few small changes to your policies, your opt-in process and your website cookie consent should ensure that you are compliant.
What is GDPR?
- GDPR stands for General Data Protection Regulation. It has been designed to give EU (European Union) citizens greater control over their personal data, including: the right to be forgotten, access to personal data and the right to data portability.
- When does GDPR take effect?
  - 25th May 2018 for all EU Member States.
- Will GDPR affect me?
  - GDPR will affect you if:
    - Your organisation is based in the EU.
    - Your ESP (Email Service Provider) is based in the EU.
    - Your organisation processes EU residents' personal data.
- Is GDPR still effective after Brexit?
  - Yes, if any of the above applies to your organisation.
- What does it mean for my current subscribers?
  - You will need to ensure that all your subscribers have opted in to share their personal data with you. None of your current subscribers can be marketed to unless they have explicitly opted in.
- What is explicit opting in?
  - This is a decisive action the subscriber actively undertakes, during which they consent to receive marketing materials and confirm they are who they say they are. This may be referred to as a double opt-in.
- How can I make sure people are who they say they are?
  - Through the use of reCAPTCHA, or a follow-up email asking them to confirm that they intended to subscribe.
- Do I need to employ a DPO (Data Protection Officer)?
  - Only if you are a public authority, or engage in large-scale monitoring and/or processing of personal data.
- What about cookies?
  - If a website tracks visitor behaviour by default, that tracking must be turned off until website users have consented.
- I use data lists, what does GDPR mean for me?
  - It is recommended that you purchase lists only from reputable organisations who have strong opt-in policies and practices in place.
- What are the penalties for non-compliance with GDPR?
  - The penalties are high: any organisation using non-consented personal data could face a fine of up to $20 million or 4% of its global annual turnover, whichever is greater.
- What do I do now?
  - Review your current terms & conditions and privacy policies to ensure that they are compliant with the GDPR opt-in process.
  - Make sure that users have to agree to these policies before their personal data is stored, and that an authentication process is in place.
  - Ensure that if you use a 3rd-party marketing organisation, they are GDPR compliant.
  - Look at how your website cookies work, and if you are collecting personal data, have them set to off until the user opts in.
  - Add an SSL (Secure Sockets Layer) certificate to your website to encrypt the data sent between your server and your visitors' browsers (see http://blog.voodoochilli.com/2017/06/ssl-certificate/).
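One way to implement the double opt-in described above, as an added example that is not part of the original post: a subscription request is stored as unconfirmed, the follow-up email carries an HMAC-signed token bound to the address and an expiry, and only a successful confirmation records consent (with a timestamp) and makes the subscriber marketable. The in-memory store and the `SECRET` value are constructed for illustration.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed placeholder; in a real deployment load this from server-side config.
SECRET = b"server-side-secret-never-sent-in-links"


@dataclass
class Subscriber:
    email: str
    requested_at: float
    confirmed_at: Optional[float] = None  # stays None until the emailed link is used


subscribers: Dict[str, Subscriber] = {}  # constructed in-memory store keyed by address


def _sign(email: str, expires: int) -> str:
    # Bind the token to the address and expiry so it cannot be reused for another subscriber.
    msg = f"{email.lower()}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def request_subscription(email: str, now: Optional[float] = None, ttl: int = 48 * 3600) -> str:
    """Step 1: record the request as unconfirmed; return the token to put in the follow-up email."""
    now = time.time() if now is None else now
    subscribers[email.lower()] = Subscriber(email.lower(), requested_at=now)
    expires = int(now) + ttl
    return f"{expires}.{_sign(email, expires)}"


def confirm_subscription(email: str, token: str, now: Optional[float] = None) -> bool:
    """Step 2: only a valid, unexpired token proves the mailbox owner intended to subscribe."""
    now = time.time() if now is None else now
    try:
        expires_s, sig = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False
    if now > expires or not hmac.compare_digest(sig, _sign(email, expires)):
        return False
    sub = subscribers.get(email.lower())
    if sub is None:
        return False
    sub.confirmed_at = now  # the consent record: who, and when they confirmed
    return True


def marketable(email: str) -> bool:
    """Marketing is only allowed once explicit (double) opt-in has been completed."""
    sub = subscribers.get(email.lower())
    return sub is not None and sub.confirmed_at is not None
```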
Find out more about the GDPR via https://www.gov.uk/guidance/make-privacy-integral
We are Voodoochilli Design Ltd, the place to go for Hereford web design.
We have been designing and building websites for over 10 years and have worked with a wide range of businesses from start-ups to multi-billion pound internationals and everything in between.
If you are interested in finding out more, check out our full website.