The “General Data Protection Regulation” (GDPR) will be enforced on the 25th of May 2018. Its aim is to give people more control over how companies use their data. Those companies that do not lay out, and adhere to, their policies in a clear and concise manner are liable to a weighty fine. Are you ready?
“But what if I don’t collect any personal data?”
Simply by having a website it is almost guaranteed you are collecting data. The EU has substantially expanded the definition of personal data under the GDPR: online identifiers such as IP addresses now qualify as personal data. If the data you process could be combined with other data to identify someone, it can be classed as “Personal Data” or “Personally Identifiable Information”.
- If you have a mailing list or a newsletter, this will also hold personal information. If you use a service such as MailChimp or Campaign Monitor and people sign up via your website, you are taking personal data and passing it on to a third party.
- Google Analytics may be installed on your website, in which case you are collecting data.
- If you operate an eCommerce website then you are obviously collecting user data (as it is required to complete your orders).
- If you have any contact forms on your website, your user is giving you their data whenever they use those forms.
“What does this mean for me?”
- You must ensure that every contact form, signup form or other area of your site in which users enter their data carries a checkbox through which they give you consent to use that data. This box cannot be pre-checked.
- You need to have adequate security on your website to prevent any breaches. Failure to do so would be a violation of GDPR.
These laws will affect you! Your business can be fined for breaching GDPR: up to a maximum of 4% of annual global turnover or €20 million, whichever is higher.
We have an easy solution:
- We enlist the services of an external group of lawyers, designers and developers that create legal documents for websites. Once these have been generated specifically for your website they are hosted on an external server and embedded into your site.
- The legal text is then automatically updated any time the law changes and as such the information stays relevant – you don’t have to periodically call your lawyer to do this for you.
- On top of this we will add any checkboxes required for your eCommerce pages or any contact forms you have.
Our GDPR solution is a monthly service: this ensures the wording of the documents can be continuously revised by a legal team (and is considerably cheaper than hiring a lawyer!). Get in touch to find out more.