The General Data Protection Regulation (GDPR) is a new regulation designed to protect the data of EU citizens and EU residents, whether they reside in the EU or elsewhere in the world. Simply put, it is legislation that tells businesses that if they offer their products or services to EU citizens they must look after their data or face some pretty severe consequences. How does being fined 4% of your total global revenue sound? Not good. The new regulations come into force on 25th May 2018.
The GDPR is likely to affect the majority of businesses trading today, regardless of size or industry. If you collect or process any personal data, you will be required to comply with the new legislation. This includes companies that use internal databases, apps, CRMs or even good old email to store personal data.
If you are looking for a little light (and yes, there is some sarcasm there) bedtime reading, the GDPR website makes for some interesting reading. In this article, we’ll take a look at some of the things you can do to your website to ensure you are compliant.
Consent is a huge part of the GDPR. If somebody makes an enquiry of any kind through your website, you can no longer automatically add them to your mailing list. It also means you can’t pre-populate any checkboxes on your enquiry form that they have to untick if they don’t want to be added to your mailing list. Consent can also be withdrawn by data subjects at any time.
And to make matters more complicated, consent doesn’t just apply after the GDPR comes into effect. You will need to prove that the people on your existing contacts or mailing lists have given their consent for their data to be gathered. For example, can you prove that everybody you send your newsletter out to has requested this information?
An easy way to prove this and keep consent on record is to send an email out to all contacts asking them to opt in to or opt out of your mailing list. Sure, you may lose some subscribers along the way, but the main thing is that you are acting in compliance with GDPR and protecting your reputation and bottom line.
Making Your Website Compliant
If all this talk of fines and compliance is getting you a little hot under the collar, the good news is that with a little organisation and understanding of the rules, you can get your website compliant in no time.
Start with a personal data audit across the data that you currently hold on your users and customers. What are you using the data for, do you still need the data and where is it being stored? This will help you to define which data you still need to keep and which can be archived or deleted.
Start to work your way through the following steps. These are some of the basic considerations that will apply to most websites:
GDPR isn’t that scary once you get to grips with what you need to do to comply with the new guidelines. If you would like help with your website, get in touch. We can carry out a full data and website audit and make recommendations for improvements.