From May 2018, small business owners like you will need to ensure your website is GDPR compliant, or face some pretty costly consequences.
If you haven’t been sleeping under a rock for the past few months, you may have an idea of what this means and how it will affect your website. But, just in case you have been creeping with the crustaceans, here is our guide to ensuring your website is ready for the General Data Protection Regulation:
What exactly is the GDPR?
Over the last four years, the EU has been working to bring data protection legislation into line with the way in which data is now used.
Although we’re currently still covered by The Data Protection Act 1998, the new legislation introduces tougher fines for non-compliance and breaches, and gives people more say over how and when companies can use their data.
The changes are designed to give people more control over how companies like Facebook and Google swap data for use of their services.
The current legislation came into being long before social media found new ways of exploiting our personal data, so these changes are very much required to reflect the new ways in which we share our personal information.
Who needs to be concerned about the new GDPR legislation?
Both ‘Controllers’ and ‘Processors’ of data need to abide by the new GDPR rulings.
To break that down further, the data Controller states how and why personal data is processed, while a Processor is the party doing the actual processing of the data.
The “Controller” could be any organisation, from a profit-seeking company to a charity or government, and your “Processor” could be an IT firm doing the actual data processing.
Will your website be ready for the GDPR?
From 25th May 2018, simply asking visitors to your website to familiarise themselves with your data protection policy will not be enough.
In preparation for these huge changes, make sure you have your bases covered.
- Review your website
Before you can make any changes to your website, you’ll need to review your current strategy, and identify exactly what you’re using data for, where it’s being stored and how long you are storing it for.
You may also need to fine-tune or completely change the way you conduct your business to ensure your policies are in line with the new regulations.
- Update your privacy notices
It’s all very well changing your privacy policies behind the scenes, but in the interest of transparency, you will need to explain clearly what information you will be collecting and how you intend to use it, on any web page that asks for user data.
- Update your associated policies
By this we mean you will need to look at and probably change your data retention policy as well as your terms and conditions.
A copy of the same policies must be easily accessible on your website and should be concise and transparent. Your terms and conditions will also need to reference the GDPR in their terminology.
- Review your data capture functionality
This will include all of your databases, systems and resources that you currently have connected to your website so that you can be 100% sure you’re keeping all personal data safe and effectively managing communication preferences, including the use of third-party tracking software (think Google Analytics or Facebook’s ‘pixel’).
- User account functionality
You’ll need to review and amend the user’s ability to update their own consent and communication preferences on your website.
This means you’ll need to ask visitors to opt in to your data capture, as opposed to asking them to opt out (no more pre-ticked boxes!). This will apply to any information you want them to subscribe to, and each aspect must be consented to separately.
We should point out that the above is purely our own guidance on where to start with the process of making your website GDPR compliant. This is not legally binding, and if you have any concerns we recommend you seek additional advice from a GDPR expert well before May 2018.
Big changes are coming to the way we capture, use and store our website visitors’ information. Failure to abide by the new legislation could result in heavy penalties, so start taking steps to make your website GDPR compliant today!