GDPR Compliance for Website Owners
Ensure your business complies with the GDPR by May 2018. Why is it important? Because failure to comply with the new rules risks fines of up to 4% of your turnover.
GDPR stands for the EU's General Data Protection Regulation. Its aim is to bring data protection legislation in line with the new ways that data is now used.
Currently, here in the UK we rely on the Data Protection Act 1998, which was enacted following the 1995 EU Data Protection Directive. This will be superseded by the new GDPR legislation, which introduces tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their data. It also makes data protection rules more or less identical throughout the EU. Even after Brexit this will be upheld: GDPR comes into effect before the UK leaves the EU, and the UK has made it very clear that it will maintain the GDPR legislation.
How does GDPR Affect You?
It impacts all parts of your business, wherever you store personal information.
So for a self-catering owner or B&B owner with a website, this will impact both the website and any other records or systems you use to store personal data.
These might include for example:
- Your Website
- CRM (e.g. Salesforce)
- Email marketing system (e.g. Mailchimp)
- Invoicing or accounts system
- Home-made spreadsheets of customer details
If you collect personal data (which you must do in order to do business) then you will be defined as a “Data Controller” under GDPR and you are accountable. The responsibility lies with the business owner and not whoever designed or built your website.
Do I Need to Check My Website?
YES. Any website that collects data (through a contact form or from sales) will definitely need changes made to comply with GDPR. Even websites built quite recently will need changes to comply with the GDPR legislation.
Top website checks for GDPR
The top four checks on your website meeting the GDPR requirements are:
SSL encryption (the padlock)
GDPR requires personal data to be encrypted in transit, which means you need an SSL certificate on your server if you have a contact form or any means of taking sales.
Plugin updates
Any old plugin (over 2 years old) is very unlikely to be compliant with GDPR. Reputable plugins should have updates available; less reputable ones will need alternatives sourced or coded.
Explicit consent
GDPR requires you to obtain explicit consent from people when requesting their personal data. A pre-filled tick box is not acceptable. Your contact forms will need to be updated to request their consent.
Allowing people to access their data
GDPR requires individuals to have easy, unrestricted access to their data, so they can either review it or delete it entirely, or a means by which they can request that you provide or remove this data.
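As an added illustration of the consent and access checks above (example code, not from the original page or from any package it describes), the snippet below shows the server side of a contact form: the consent box is defined unchecked, a submission is rejected unless consent was explicitly ticked, the wording and time of consent are recorded alongside the details, and a small store supports handing the data back or erasing it. The field names, the ContactStore class and the validateSubmission function are hypothetical; the submissions are constructed sample input.

```javascript
// Added example: explicit-consent validation and subject access/erasure
// for a simple contact form. All names here are hypothetical.

const CONSENT_TEXT = "I agree to you storing my details to answer this enquiry.";

// Field definitions a form renderer would use. The consent box is never pre-checked,
// because a pre-filled tick box does not count as explicit consent.
const FORM_FIELDS = [
  { name: "name", type: "text", required: true },
  { name: "email", type: "email", required: true },
  { name: "message", type: "textarea", required: true },
  { name: "consent", type: "checkbox", required: true, defaultChecked: false, label: CONSENT_TEXT },
];

// Server-side validation. Browser-side checks can be bypassed, so consent is
// verified again here before anything is stored.
// Returns { ok: true, record } or { ok: false, errors: [...] }.
function validateSubmission(body, now = new Date()) {
  const errors = [];
  for (const f of FORM_FIELDS) {
    if (f.type === "checkbox") continue;
    const value = body[f.name];
    if (f.required && !(typeof value === "string" && value.trim())) {
      errors.push(`${f.name} is required`);
    }
  }
  // Only an explicit "on" (HTML checkbox) or true (JSON client) counts as consent.
  // A missing field, "", "off" or any other value is treated as no consent.
  if (!(body.consent === true || body.consent === "on")) {
    errors.push("explicit consent is required");
  }
  if (errors.length > 0) return { ok: false, errors };
  return {
    ok: true,
    record: {
      name: body.name.trim(),
      email: body.email.trim().toLowerCase(),
      message: body.message.trim(),
      // Record what the person agreed to and when, so consent can be evidenced later.
      consent: { text: CONSENT_TEXT, givenAt: now.toISOString() },
    },
  };
}

// In-memory store keyed by e-mail address, offering the two operations the
// page describes: give the person their data, or remove it entirely.
class ContactStore {
  constructor() {
    this.records = new Map();
  }
  save(record) {
    this.records.set(record.email, record);
  }
  // Subject access: return a copy of everything held for this address, or null.
  exportFor(email) {
    const r = this.records.get(email.toLowerCase());
    return r ? JSON.parse(JSON.stringify(r)) : null;
  }
  // Erasure: delete the record and report whether anything was removed.
  erase(email) {
    return this.records.delete(email.toLowerCase());
  }
}

// Constructed sample submissions: one without the box ticked, one with it ticked.
const noConsent = validateSubmission({ name: "Ann Guest", email: "ann@example.com", message: "Is the cottage free in June?" });
const withConsent = validateSubmission({ name: "Ann Guest", email: "ann@example.com", message: "Is the cottage free in June?", consent: "on" });
const store = new ContactStore();
if (withConsent.ok) store.save(withConsent.record);
console.log(noConsent.errors, store.exportFor("ann@example.com"), store.erase("ann@example.com"));
```

The same rule applies whatever form plugin or CRM sits behind the site: the consent must come from an action the visitor took, and the stored record should show what they agreed to and when.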
WHAT CAN I DO TO COMPLY?
We have been working hard to produce a package that will assist you in getting your website compliant.
This Package includes:
* If you already have an SSL certificate we also offer the above package WITHOUT the SSL for a reduced fee.
The Countdown Begins!
Compliance must be achieved before May 2018...
We have over 400 customers, all of whom will require work on their website to become GDPR compliant.