GDPR – How it Affects Website Owners
As the owner of a website, you will almost certainly have heard of the General Data Protection Regulation (GDPR), which has applied across the European Union since 25 May 2018. It is an EU regulation that sets out how personal data must be handled, and its reach extends well beyond the EU's borders.
If you are unsure of whether or not GDPR matters to you, then read on. We will help you to get a closer understanding of what GDPR means for website owners.
What is GDPR?
GDPR is a set of data protection rules that puts control back in the hands of the individual. If your website collects or uses personal data and you are established in the EU, offer goods or services to people in the EU, or monitor the behaviour of people in the EU, then GDPR applies to you and you need to get ready. Note that the test is where the person is, not their passport: a visitor located in the EU is protected whatever their citizenship, while an EU citizen living abroad is not covered on that basis alone.
This means that adhering to GDPR is not a suggestion: it is a legal obligation.
Supervisory authorities have a range of corrective powers: warnings, reprimands, orders to bring processing into line, temporary or permanent bans on processing, and administrative fines. For the most serious infringements the fine can be as high as €20m or 4% of worldwide annual turnover, whichever is higher; a lower tier of €10m or 2% applies to other breaches.
That is a lot of money to lose through negligence, which is why we recommend that every business within GDPR's scope makes the changes below without delay. This will help you avoid falling foul of GDPR's less charitable side.
I’m outside of the EU, though?
It does not matter where you are based. If your website offers goods or services to people in the EU, or tracks their behaviour (analytics and advertising cookies count), then you have to follow GDPR, and you cannot opt out. Many countries outside the EU (the UK, for example) have adopted laws modelled on GDPR, so you may have an equivalent obligation at home as well.
GDPR has no exemption for small websites: the obligations scale with the risk of the processing, not with the size of the business, although companies with fewer than 250 employees are relieved of some record-keeping duties. Any company with a meaningful number of EU users should take it seriously, and rather than looking for ways to side-step it, we recommend that you take the time to implement the following changes.
That is the surest way to stay on the right side of the regulation.
Data Handling Has Changed
For one, individuals now hold a right to erasure, often called the 'right to be forgotten'. If a customer asks you to delete their personal data, you must do so unless you have a specific ground to keep it, such as a legal obligation to retain records. The request covers every database and backup in which you hold that data, so you need to know where all of it lives.
Requests must be answered without undue delay and within one month (extendable by two months for complex requests, provided you tell the person why). You should also make users aware of this right, and make withdrawing consent or requesting erasure as easy as handing over the data in the first place. Security of personal data is now a central obligation: you must apply technical and organisational measures appropriate to the risk, and encryption of stored data is the measure the regulation names first. Serving your site over HTTPS is part of that baseline, so obtain a TLS certificate (what most hosts still market as an 'SSL' add-on) and redirect all plain HTTP traffic to HTTPS.
Also, check the software and services you rely on. Vendors such as Google, WordPress and Zoho, and hosts such as GoDaddy, publish GDPR commitments, but using them does not make you compliant by itself: each one that handles personal data on your behalf is a 'processor', and you need a data processing agreement with it. Remember that the aim is to protect the individual, not to streamline your own processes: if a step in your current workflow serves no purpose for the customer, change it as soon as you can.
What do I need to do?
One thing to do right away is remove ambiguity from your website. If you cannot state the clear takeaway of a sentence on your site, reword it. The regulation requires that information given to individuals be concise, transparent and in clear and plain language, so dropping the industry terminology is a direct step towards being GDPR friendly.
People must be able to understand what you are telling them without a wall of legal or marketing jargon. Use plain language throughout: say what you do with the data, and then say why.
Also, understand that consent is not assumed. Where you rely on consent, it has to be freely given, specific, informed and unambiguous, and shown by a clear affirmative action; silence, inactivity or a pre-ticked box do not count. Consent is not the only lawful basis, though: data you genuinely need in order to deliver what the person asked for (a delivery address for an order, for instance) can be processed on the basis of that contract, without a consent box.
In practice this means an unticked box for each optional purpose, not one pre-ticked 'I agree' box covering everything. You must also be able to show that consent was given, so record what was agreed, when, and under which version of your notice, and make withdrawal as easy as giving it. And you cannot make access to your service conditional on consent to processing the service does not need: tying an order to a marketing opt-in was once accepted practice, but such consent is no longer regarded as freely given.
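To make the opt-in and erasure rules above concrete, here is an added Python example (not code from the original article) of the server-side handling: an absent or unticked box means no consent, a bundled 'agree to everything' box is rejected, every consent is recorded with a timestamp and notice version, withdrawal is a single call, and an erasure request is either honoured or refused with a stated reason. The purposes, form field names, policy version and in-memory store are assumptions made for the illustration.

```python
# Added example (not from the original article): server-side handling of
# opt-in consent and erasure requests. The field names, purposes, policy
# version and in-memory store are assumptions for this illustration.
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Purposes that rest on consent (assumed). Data needed to deliver the service
# itself (e.g. a shipping address for an order) is deliberately not listed:
# it rests on a different lawful basis and must not sit behind a tick box.
CONSENT_PURPOSES = ("marketing_email", "analytics", "third_party_sharing")
POLICY_VERSION = "privacy-notice-v3"  # assumed version of the notice shown


@dataclass
class ConsentRecord:
    subject_id: str
    purpose: str
    given_at: str            # ISO 8601 UTC timestamp
    policy_version: str      # which notice the person actually saw
    withdrawn_at: Optional[str] = None

    @property
    def active(self) -> bool:
        return self.withdrawn_at is None


class ConsentStore:
    """In-memory stand-in for a database (assumption for the example)."""
    def __init__(self) -> None:
        self.records: List[ConsentRecord] = []
        self.profiles: Dict[str, dict] = {}


def _ticked(value) -> bool:
    # Browsers only submit a checkbox when it is ticked, so an absent field
    # (None) means "no consent". Nothing here defaults to True.
    return value in ("on", "true", "1", "yes")


def _now_iso(now: Optional[datetime]) -> str:
    return (now or datetime.now(timezone.utc)).isoformat()


def record_consent(store, subject_id, form, now=None):
    """Store one record per purpose the person explicitly opted in to.

    Returns the list of purposes granted. A single catch-all "agree to
    everything" box is rejected because consent must be specific.
    """
    if _ticked(form.get("agree_all")):
        raise ValueError("bundled consent is not specific; ask per purpose")
    granted = []
    for purpose in CONSENT_PURPOSES:
        if _ticked(form.get(f"consent_{purpose}")):
            store.records.append(
                ConsentRecord(subject_id, purpose, _now_iso(now), POLICY_VERSION))
            granted.append(purpose)
    return granted


def has_consent(store, subject_id, purpose) -> bool:
    """True only if an un-withdrawn record exists for this subject/purpose."""
    return any(r.subject_id == subject_id and r.purpose == purpose and r.active
               for r in store.records)


def withdraw_consent(store, subject_id, purpose, now=None) -> int:
    """Withdrawal must be as easy as giving consent; returns records closed."""
    closed = 0
    for r in store.records:
        if r.subject_id == subject_id and r.purpose == purpose and r.active:
            r.withdrawn_at = _now_iso(now)
            closed += 1
    return closed


def erase_subject(store, subject_id, retention_required=False) -> dict:
    """Honour a right-to-erasure request: drop profile and consent records.

    `retention_required` models the exceptions (e.g. a legal obligation to
    keep invoices); the request is then refused with a reason rather than
    silently ignored.
    """
    if retention_required:
        return {"erased": False, "reason": "retained under a legal obligation"}
    before = len(store.records)
    store.records = [r for r in store.records if r.subject_id != subject_id]
    profile_removed = store.profiles.pop(subject_id, None) is not None
    return {"erased": True, "profile_removed": profile_removed,
            "consent_records_removed": before - len(store.records)}
```

Note that a withdrawn record is kept (with `withdrawn_at` set) rather than deleted, so you can still show what was agreed and when it ended; only an erasure request removes it, and even then the function returns what was removed so the request itself can be logged.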
Lastly, if you need to make changes to fit in with GDPR, bring in an expert to review your business. In some cases (public bodies, or businesses whose core activity is large-scale monitoring or large-scale processing of sensitive data) appointing a Data Protection Officer is mandatory. An expert should be able to spot the main changes you need to make to bring your website into compliance. Don't take these for granted: compliance is essential.
Check out the infographic “55 things you need to know about GDPR” below:
powered by casinopick.ie