Unless you’ve been on a different planet for the past few years, you’ll probably know that on 25th May 2018 data protection rules are a-changing. Seriously changing.
GDPR – General Data Protection Regulation – comes into force and although, as with all things legal, it’s something you cannot ignore if you own/run a business, it isn’t something that should keep you awake at night.
What’s all this GDPR stuff about then?
It’s all about enhancing data privacy laws, bringing them in line with our digital age, and understanding the way businesses (and agencies/organisations etc) collect, store and use personal information. Essentially, this new legislation is concerned with people’s privacy, and should, hopefully, be a positive step forward in this fast-paced digital world. We will all have the right to know how our personal data is being collected, stored and handled, and what companies/organisations will do if there is a security breach. GDPR is also about having an audited trail so that people are in no doubt as to why a particular business or organisation holds information about them.
How will this affect your business?
There’s a very straightforward summary here of the key changes around data protection from the EU GDPR website. But in a nutshell, you’ll need to be transparent, i.e. you need to document the type of personal data you keep, where this data came from and who you share it with (if appropriate). You’ll also need to take care of any personal information you handle, and have a plan in place for what you will do if hackers manage to get into your website and steal the data.
How do you make your website GDPR compliant?
If you capture any kind of personal data on your website (i.e. forms, blog comments, and sign-up software), GDPR is definitely going to affect you. But don’t worry, here are a few steps you can implement now to get your website ready for GDPR compliance.
Add a privacy policy to your website.
If you already have one, then give it a read through and ensure it ticks all the GDPR compliance boxes. Here’s an article to help: https://econsultancy.com/blog/69256-gdpr-how-to-create-best-practice-privacy-notices-with-examples/
1. Double Opt-Ins
If someone gives you their personal details in exchange for a free e-book, for example, you cannot automatically add them to your newsletter list. They have to be able to provide separate consent for the different types of communication you’re sending them.
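One way to implement separate, confirmed consent per purpose, as an added example rather than the author's code: each purpose (e-book, newsletter) gets its own request and its own confirmation token, nothing goes live until that token is confirmed, and the source of every consent is kept for the audit trail mentioned earlier. The purpose names, the 24-hour link expiry and the in-memory store are assumptions.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass, field

PURPOSES = {"ebook", "newsletter"}  # consented to separately; names assumed
TOKEN_TTL = 24 * 3600  # assumed policy: confirmation links expire after a day


@dataclass
class Consent:
    email: str
    purpose: str
    source: str  # which form or page asked: the audit trail the text mentions
    requested_at: float
    confirmed_at: "float | None" = None


@dataclass
class ConsentStore:
    consents: dict = field(default_factory=dict)  # (email, purpose) -> Consent
    # token hash -> (email, purpose, expiry): hashes only, so a leaked
    # database does not hand out working confirmation links
    pending: dict = field(default_factory=dict)

    def request(self, email, purposes, source, now=None):
        """Record one request per purpose; return the tokens to e-mail out.
        Nothing is active yet: confirming is the 'double' in double opt-in."""
        now = time.time() if now is None else now
        tokens = {}
        for purpose in purposes:
            if purpose not in PURPOSES:
                raise ValueError(f"unknown purpose: {purpose}")
            self.consents[(email, purpose)] = Consent(email, purpose, source, now)
            token = secrets.token_urlsafe(32)
            self.pending[hashlib.sha256(token.encode()).hexdigest()] = (email, purpose, now + TOKEN_TTL)
            tokens[purpose] = token
        return tokens

    def confirm(self, token, now=None):
        """Activate one purpose; False for unknown, reused or expired tokens."""
        now = time.time() if now is None else now
        entry = self.pending.pop(hashlib.sha256(token.encode()).hexdigest(), None)
        if entry is None or now > entry[2]:
            return False
        self.consents[(entry[0], entry[1])].confirmed_at = now
        return True

    def is_subscribed(self, email, purpose):
        consent = self.consents.get((email, purpose))
        return consent is not None and consent.confirmed_at is not None
```

Because `is_subscribed` only reports confirmed consent for the exact purpose asked about, a confirmed e-book download never puts someone on the newsletter list.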
2. Make sure your website is secure
If your website hasn’t got an SSL certificate yet, then now is a great time to rectify that. When a website address begins with an https prefix instead of http, any data sent to that website travels over an encrypted connection, which protects it from being read or tampered with on the way (it doesn’t protect the data once it is stored on your server, so the other steps still matter). You can read all about SSL in one of my earlier blogs.
3. Third-party organisations
If you use a third-party provider to run your email marketing, then check out what they are doing about GDPR to keep you and your subscriber lists safe. Here’s a link to find out how Mailchimp are handling it: https://blog.mailchimp.com/getting-ready-for-the-gdpr/
There is much more to this new legislation than just the points I’ve highlighted above, so as well as implementing the website changes I’ve suggested, I would also recommend you undertake your own research into GDPR and how it will impact your business, your website and your information systems.
Disclaimer: although I have attempted to ensure this information is as accurate as possible, I am not a legal professional and cannot accept any responsibility for any actions you take based solely on the information contained in this article.