Here’s a reminder highlighting some much discussed (read: boring), yet essential GDPR things you should know about:
Reminder about your GDPR responsibilities
Adding a Privacy Policy to your website (if we've built your website, we will add yours on for free)
Add SSL certificate compliance
As you will have had drilled into your consciousness, the GDPR (General Data Protection Regulation) will be enforced from 25 May 2018. It applies to every business in the EU that handles personal data, and also to businesses outside the EU that offer goods or services to people in the EU or monitor their behaviour.
Businesses must address the following:
what personal data you collect
how you collect it
what purpose you collect it for, and how you ensure you only use it for that purpose
how you protect the data at every stage of processing
how you delete the data securely when it is no longer needed.
You can read GDPR for website owners on our website for further details.
As part of the new regulations, websites need to have a Privacy Policy that tells users how their data is collected, stored and used. Because not every business collects and handles data in the same way, each business is responsible for ensuring its own compliance, just as it is responsible today for compliance with the laws that apply to it.
Our Privacy Policy is now in place and we used GetTerms to create it. You can use it too, but we are not in any way endorsing this site and you can use it at your discretion!
These are websites with ‘https’ and a padlock in the address bar, meaning that pages and form submissions travel over an encrypted connection. If your website has an ‘SSL certificate’, you are taking a step towards GDPR compliance. (The name is historical: the certificate is the same, but modern browsers negotiate TLS, Transport Layer Security, the successor to SSL; the SSL protocol versions themselves are obsolete and should be disabled on the server.)
A certificate is a digital document, issued by a certificate authority that the browser already trusts, which binds your domain name to a public key. It does two jobs. It authenticates the server: the browser checks that the certificate is valid for the domain it is connecting to, has not expired and is signed by a trusted authority, which is what stops a third party impersonating your site. It also supplies the key material the two sides use to agree session keys, after which everything sent in either direction is encrypted, i.e. scrambled so that only the holder of the matching key can turn it back into readable data. The certificate serves as an electronic ‘passport’ for the site; the encryption itself is done by the TLS session it sets up, not by the certificate.
The GDPR does not name TLS, but Article 32 requires security measures appropriate to the risk and lists encryption as an example, so a contact form that sends names and email addresses over plain HTTP would be hard to defend. Installing the certificate is not the whole job: check that http:// addresses redirect to https://, that every form’s action URL is https, and that the certificate is renewed before it expires, otherwise visitors see a warning and some will click straight through it.
As you will have noticed by now, the GDPR (General Data Protection Regulation) will be enforced from 25 May 2018.
The GDPR replaces the existing data protection rules on how businesses collect, store and use the personal information of their clients. The new regulations strengthen individuals’ control over their own data relative to the interests of businesses. So it is essential for us and for our clients to make the necessary changes so that we all comply with the new legislation.
You need to comply if your business operates within the EU and handles or stores personal information. Put simply, businesses must address the following:
what personal data you collect
how you collect it
what purpose you collect it for, and how you ensure you only use it for that purpose
how you protect the data at every stage of processing
how you delete the data securely when it is no longer needed.
As a website owner, ensure that you:
Where you rely on consent (e.g. a newsletter sign-up), obtain it through a clear opt-in: no pre-ticked boxes, and keep a record of when and how each person consented.
Provide a clear and accessible privacy policy that informs users how their data is collected and stored and what it will be used for.
Have a mechanism in place for users to request a copy of the data you hold about them (a subject access request), and answer within one month.
Put in place a ‘Right to be Forgotten’ (right to erasure) process, where users can withdraw consent and request removal of the personal data you have collected, and make sure the deletion reaches every copy, including those held by third-party services you have passed the data to.
Regarding what website owners need to do, we suggest undertaking the following activities to ensure you are compliant:
Audit what personal data your website collects and where it goes. This includes data collected from your ‘Contact us’ forms such as names, email addresses, telephone numbers, company, etc., and:
Third-party data collection through services such as Mailchimp, Infusionsoft, AWeber, etc. (these act as processors on your behalf, so you need a written contract with each).
An online store you use to collect customer data to process orders.
Contact-form plugins storing submissions in your website’s database. Are they storing the data unencrypted, who can log in and read it, and how long is it kept?
Keep your data collection to a minimum: a breach can only expose what you hold, and data you never needed is hard to justify under the GDPR. Collect only information you are going to use.
Your website will need a privacy policy page that tells users how their data is stored and used. It should tell customers how they can request access to their data and what they have to do to withdraw consent for its use and storage.
This is the ‘https’ and padlock in the address bar: the page and anything submitted through it are sent over an encrypted connection. The GDPR does not list this as a required step, but encryption of personal data in transit is one of the measures Article 32 expects, so you will be making yourself more GDPR compliant by implementing an SSL certificate (strictly, a TLS certificate). Make sure http:// addresses redirect to https:// and that your forms submit to https URLs, otherwise the certificate protects nothing.
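As an added check for the two ‘https’ passages on this page (the certificate explanation in the reminder above and this step), the following script is example code written for this page; it is not from the original article or from Infiniti Graphics. It scans a page’s HTML for forms whose action URL is not https, which is exactly where personal data would leave the browser unencrypted even on a site that has a certificate installed. The sample HTML, the page URL and the form ids in it are constructed for the illustration; point it at your own saved page source to run it for real.

```python
"""Find forms that would send visitor data over plain HTTP.

Example code written for this page (not the original article's code).
Standard library only. The sample page below is constructed for the
illustration; replace SAMPLE_HTML / SAMPLE_PAGE_URL with your own.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: assume this HTML was served from the URL below.
SAMPLE_PAGE_URL = "https://example.com/contact"
SAMPLE_HTML = """
<html><body>
<form id="contact" method="post" action="/contact/submit">
  <input name="name"><input name="email"><input type="submit" value="Send">
</form>
<form id="newsletter" method="get" action="http://lists.example.net/subscribe">
  <input name="email"><input type="submit" value="Join">
</form>
<form id="search" action="https://example.com/search">
  <input name="q">
</form>
<form id="legacy" method="post" action="http://example.com/old-form">
  <input name="phone"><textarea name="message"></textarea>
</form>
</body></html>
"""


class FormCollector(HTMLParser):
    """Collect (id, method, absolute action URL, field names) for each form."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A relative or missing action resolves against the page URL,
            # so it inherits the page's scheme.
            self._current = {
                "id": a.get("id", ""),
                "method": (a.get("method") or "get").lower(),
                "action": urljoin(self.page_url, a.get("action", "")),
                "fields": [],
            }
        elif tag in ("input", "textarea", "select") and self._current is not None:
            # Buttons and hidden fields carry no visitor-typed data.
            if a.get("type", "").lower() not in ("submit", "button", "hidden"):
                self._current["fields"].append(a.get("name", ""))

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def collect_forms(html, page_url):
    """Parse the page and return every form with its resolved action URL."""
    parser = FormCollector(page_url)
    parser.feed(html)
    parser.close()
    return parser.forms


def find_insecure_forms(html, page_url):
    """Return the forms whose submission would not travel over https."""
    return [f for f in collect_forms(html, page_url)
            if urlparse(f["action"]).scheme != "https"]


def report(html, page_url):
    """Human-readable summary, one line per insecure form."""
    lines = []
    for f in find_insecure_forms(html, page_url):
        fields = ", ".join(n for n in f["fields"] if n) or "(no named fields)"
        lines.append(f"form #{f['id'] or '?'} {f['method'].upper()} "
                     f"{f['action']} sends: {fields}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(line)
```

On the constructed sample this flags the newsletter and legacy forms and leaves the contact and search forms alone, because a relative action inherits the page’s https scheme. Two caveats the script cannot see: a GET form puts the field values into the URL, so even over https they end up in server and proxy logs; and this only checks the forms on the page you feed it, so the server still has to redirect http:// to https:// (and ideally send an HSTS header), or the visitor’s first request, and any form on the http version of the page, is still sent in the clear.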
The data controller needs to have defined processes in place for a data breach: detect it, contain it, record it, and report it to the supervisory authority (in the UK, the ICO) within 72 hours of becoming aware of it if it is likely to put people at risk. If the risk to the affected individuals is high, they must be told as well, without undue delay.
For more information, visit the Information Commissioner’s Office website for a useful guide written in plain English. Check out the ‘12 steps to take now’ PDF:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr
Copyright © 2020 Infiniti Graphics (Ely) Ltd. Company No. 12058491. VAT No 361 3938 88.