The EU General Data Protection Regulation (GDPR) is designed to harmonize data privacy laws across Europe and to protect EU citizens’ data. The new regulations require organisations to provide greater clarity about the personal information they collect and how they store it, while giving citizens more rights and control over their personal information and more access to it.
The regulations are enacted on May 25th, 2018… but what does this mean and who does this apply to?
Safe & Sound?
If your business handles the personal or sensitive personal data of EU citizens, it must comply with the new regulations. This can include names, addresses and email addresses, as well as more sensitive data such as passwords, bank account details including card numbers, birthdays, etc.
The regulations also cover the third parties you share and process data with. Now, before you protest: almost all businesses use third parties, or Processing Partners, in their day-to-day operations.
Processing Partners can include, but are not limited to:
- Invoicing/Accounting Software (Xero, Freshbooks, Quickbooks, Sage)
- Delivery Company (Royal Mail, DPD, UPS etc)
- Payment Processor (PayPal, Stripe, Sage Pay, Worldpay etc)
- Business Partners
Even if you are the only one with access to this data, if it is input or stored in a third-party system it needs to comply!
Everything has Changed?
A major tenet of the GDPR is the strengthening/demystification of conditions for consent; data processing consent must be as easy to revoke as it is to give.
For example, the terms and conditions for consent can no longer be obscured by rambling legalese. They must be simple and delivered in an easily accessible form that anyone can understand.
What to do!
Make sure you’re informed: have a read of our guide “Where are you with GDPR?”.
Make the changes to your website:
- You will require a cookie opt-in feature that meets the new regulation
- Any contact forms need to be compliant
We are offering a flat-rate GDPR web compliance package (£135.00 + VAT) that includes:
- Integration of a cookie opt-in script, which we have developed in-house. It’s a fully GDPR-compliant plugin that is fit for purpose. It is fully customisable to match your website’s existing style and contains the relevant controls for enabling/disabling non-essential cookies like Google Analytics.
- Amendments to your contact forms so they contain the correct wording, include an opt-in feature, and ensure they adhere to the new guidelines.
Email us at firstname.lastname@example.org to get the ball rolling!
GDPR affects your entire business operation, not just your website. Yes, we can advise you regarding simple steps you can take to ensure your website is working towards compliance, but that’s where our guidance ends.
If your business stores and processes personal information, you really need to speak to a GDPR expert.
Rob Norris, of Red Nova Solutions, is an IT & Data Specialist trained in GDPR compliance. He’s knowledgeable, local, and a genuinely nice chap.
Email him at email@example.com for more information!