There may not be many of you out there that have not heard about GDPR, which stands for Global Data Protection regulations. GDPR is effectively new legislation that will be introduced in May 2018 and will see one of the biggest changes in how businesses use and store personal data.
You can view the GDPR guidelines; it is a heavy document with no fewer than 11 chapters and 99 articles.
Getting ready for GDPR can be a challenging task for businesses in the UK. So let’s take our area of expertise, web design, and look at some of the tasks that will get you on your way to being GDPR compliant.
Your website is a great place to start. Do you collect email addresses via your website? If you do, you will need to show you have consent in place. This will include verified consent for anyone under the age of 18. The days of taking email addresses from an enquiry and simply adding them to your mailing list are gone.
OK, so let’s say you have all of that in place. You then need to make sure that any data you collect through your website is encrypted. Installing an SSL certificate on your site will give you the padlock symbol and the S at the end of the HTTP in your address. This enables a secure connection from browser to web server.
If you are not sure whether your website has an SSL certificate, check for the padlock symbol in front of your website’s URL. If it isn’t there, then a certificate should be added.
Now onto storage of the data that you will now be collecting with the aforementioned level of consent and security.
The responsibility for any data your business collects lies with you. Even if you use a third party to store data, you should verify each third party’s procedures for processing that data.
If you store personal data in-house, look at who has access to what data. From there, you need to start thinking about implementing new procedures for the secure deletion of personal details under the ‘right to be forgotten’ article.
This is just a start to getting your business fully compliant; however, it’s a start. If you would like to discuss your website and GDPR compliance, please get in touch.