The General Data Protection Regulation or “GDPR” deadline day of 25th May 2018 is getting closer and we’re all going to die. The Data Apocalypse is nigh. You may have seen one or two or 10,000 news articles about it recently? Anyway, I’ve done some research and attended workshops in an effort to try to make sense of it all for my own and my company’s benefit, and I’m happy to share the basics I’ve learned here with you, hopefully in a simplified and jargon-free way.
What’s it all about?
Basically, on the 25th May 2018 new legislation is being introduced across Europe to protect private individuals’ data a lot more. If companies don’t comply they may be liable for hefty fines.
What do you have to do as a company?
You need to do some research first, ideally a local workshop or a solicitor if you have one, to get familiar with the guidelines and how they relate to your own business specifically. Here are several things to look at in your business and consider:
- What Data do you currently have and collect on your clients?
- Why do you collect that Data?
- Do you really need to collect all or any of it?
- How do you collect Data?
- How do you store the Data? Is it stored securely?
- Who has access to the Data exactly?
- Where do you store Data? Is it stored/transferred abroad, outside Europe?
- Do you share Data with 3rd parties?
- Do 3rd party companies store your data? If so, who and where exactly, and are they compliant themselves?
- Do you have the facilities to process Data requests from clients?
- Can you securely delete or update Data you hold?
- Do you have a Data breach plan?
- Does everyone in your organisation know the rules around Data?
What do you have to do with your website?
Websites are the front line for many companies and range from basic sites that ask for and accept no data or cookies from visitors up to large, data-heavy e-commerce sites with online payments, member sections, logins, newsletter subscriptions etc.
Here are some of the things you should really do on your website BEFORE the 25th:
- Add a Privacy popup that requires explicit, recorded consent, or
- Add a required Privacy/Terms tick box on any forms that submit data to you, such as contact forms, newsletter signups etc.
- Make sure any newsletter subscription process requires the user’s explicit, recorded consent and is double opt-in
- Make sure data transfer to and from your website is encrypted by installing an SSL certificate
- Make sure the software that powers your website, if any, is kept up to date and secure.
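To make the “explicit, recorded consent” and “double opt-in” items concrete, here is an added example (my own illustration, not code from the original post or from any particular product) of how a newsletter signup could handle the tick box and the confirmation e-mail on the server side. It assumes a form field named `privacy_consent`, a placeholder policy version string and a 48-hour expiry for unconfirmed requests; the in-memory dictionaries stand in for whatever database you actually use.

```python
"""Consent capture with double opt-in (added example, not from the original post)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import hashlib
import secrets
from typing import Dict, Optional

POLICY_VERSION = "privacy-policy-2018-05"   # constructed placeholder: which wording the user agreed to
CONFIRM_TTL = timedelta(hours=48)           # assumption: unconfirmed signups expire after two days


class ConsentError(ValueError):
    """Raised when a signup or confirmation does not meet the consent rules."""


@dataclass
class ConsentRecord:
    """What you keep as evidence of consent: who, which policy text, when and from where."""
    email: str
    policy_version: str
    consent_text: str                    # exact wording shown next to the tick box
    requested_at: datetime
    source_ip: str
    confirmed_at: Optional[datetime] = None


def _hash_token(token: str) -> str:
    # Store only a hash of the confirmation token, so a leaked table holds no usable links.
    return hashlib.sha256(token.encode()).hexdigest()


class NewsletterSignup:
    def __init__(self) -> None:
        self._pending: Dict[str, ConsentRecord] = {}    # hashed token -> record awaiting confirmation
        self._confirmed: Dict[str, ConsentRecord] = {}  # email -> confirmed record

    def submit(self, form: Dict[str, str], source_ip: str, now: datetime) -> str:
        """First opt-in step. The box must be ticked explicitly: a missing field or any
        value other than "yes" is rejected, so a pre-ticked default cannot count.
        Returns the one-time token to embed in the confirmation e-mail link."""
        if form.get("privacy_consent") != "yes":
            raise ConsentError("privacy consent box not ticked")
        email = form.get("email", "").strip().lower()
        if "@" not in email:
            raise ConsentError("invalid e-mail address")
        record = ConsentRecord(email=email, policy_version=POLICY_VERSION,
                               consent_text=form.get("consent_text", ""),
                               requested_at=now, source_ip=source_ip)
        token = secrets.token_urlsafe(32)
        self._pending[_hash_token(token)] = record
        return token

    def confirm(self, token: str, now: datetime) -> ConsentRecord:
        """Second opt-in step: the link in the e-mail is clicked. A token is single-use."""
        record = self._pending.pop(_hash_token(token), None)
        if record is None:
            raise ConsentError("unknown or already used confirmation token")
        if now - record.requested_at > CONFIRM_TTL:
            raise ConsentError("confirmation link expired")
        record.confirmed_at = now
        self._confirmed[record.email] = record
        return record

    def is_subscribed(self, email: str) -> bool:
        return email.strip().lower() in self._confirmed

    def export(self, email: str) -> Optional[dict]:
        """Answer a data request: everything held about this address, or None."""
        record = self._confirmed.get(email.strip().lower())
        return None if record is None else dict(vars(record))

    def withdraw(self, email: str) -> bool:
        """Honour a withdrawal of consent by deleting the record. Returns True if one existed."""
        return self._confirmed.pop(email.strip().lower(), None) is not None


def run_demo() -> dict:
    """Walk one constructed signup through both opt-in steps and a withdrawal."""
    svc = NewsletterSignup()
    t0 = datetime(2018, 5, 25, 9, 0, tzinfo=timezone.utc)
    form = {"email": "Alice@Example.com", "privacy_consent": "yes",
            "consent_text": "I agree to the privacy policy"}   # constructed sample input
    token = svc.submit(form, "203.0.113.5", t0)
    before = svc.is_subscribed("alice@example.com")
    record = svc.confirm(token, t0 + timedelta(hours=1))
    after = svc.is_subscribed("alice@example.com")
    withdrawn = svc.withdraw("alice@example.com")
    return {"before": before, "after": after, "withdrawn": withdrawn,
            "policy": record.policy_version, "gone": svc.is_subscribed("alice@example.com")}


if __name__ == "__main__":
    print(run_demo())
```

The point of keeping `consent_text`, `policy_version`, a timestamp and the source address together is that “recorded consent” means being able to show later exactly what the person agreed to and when; the hashed single-use token with an expiry is what makes the second step a real confirmation rather than a formality.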
Despite the hype, there’s no need to panic. If you do the basic, common-sense things around your clients’ data and remain Transparent, Secure and Accountable if things go wrong, you’ll be fine. “FINE”, not “Fined”.
More information for Companies and Organisations:
More information for Private Individuals:
General Data Protection Information: