Is Your Website GDPR Compliant?
What Has Changed?
Several changes have been made that impact data protection regulations and compliance:
- GDPR applies to all companies that process personal data, regardless of the company’s location.
- You must give users more information when collecting their personal data.
- There are new regulations around gaining consent to collect data. Consent and explicit consent require clear actions.
- The age barrier for collecting data is rising from 13 to 16.
- You must delete data that you’re not using for the original purpose.
- People can revoke consent to data processing at any time, and it must be easy for them to do so. More control must be given to the users.
- You have 72 hours to notify regulators of a data breach, unless the breach is unlikely to pose a risk to users.
- There is now a national office for complaints.
- Large data controllers must appoint Data Protection Officers.
- If you don’t comply with GDPR, you could be liable for fines of up to £18,000,000 or 4% of total global annual turnover for the previous year.
Internal policies and procedures around data collection and management may need to be reviewed and adjusted. Key staff should be made aware of the new regulations, the changes implemented and how they impact your company.
What About 3rd Party Apps?
If you use a third-party app or platform such as MailChimp to store user data in the form of a mailing list, you’d be well advised to take a look at this fantastic document that their legal team have put together. It was created specifically to help you understand GDPR and how it affects your business, with a focus on using MailChimp’s services.
“MailChimp is excited about the GDPR and the strong data privacy and security principles that it emphasizes, many of which MailChimp instituted long before the GDPR was enacted. At MailChimp, we believe that the GDPR is an important milestone in the data privacy landscape, and we are committed to achieving compliance with the GDPR on or before May 2018.” – MailChimp
What About GDPR and Brexit?
Well, there is plenty of speculation around this subject, and although this latest version of the UK GDPR will already have some differences from the EU’s, it’s likely there may be more changes to data protection regulations and the UK GDPR in the not-so-distant future. Follow the blog to be kept up to date with data protection compliance in the UK and how it affects your website and online activities.
Guarantee GDPR Compliance
This is not something to be taken lightly. The only way to truly ensure you are fully compliant is, firstly, to educate yourself on the requirements that affect your business and, secondly, to seek professional advice on the legal intricacies of GDPR and your data processing.
The new GDPR came into force on May 25th 2018. Make sure you are up to date and compliant. There are many companies offering GDPR training and compliance help. Choose carefully and ensure they are working to the relevant GDPR for your country.