Guide to the General Data Protection Regulation (GDPR)
Does the new GDPR regulation apply to me?
If you work with personal data on a day-to-day basis, this is something you need to catch up on now.
The General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) applies from 25 May 2018. It replaces the previous EU data protection directive and applies to any organisation that processes the personal data of people in the EU, wherever that organisation is based. Those who fail to comply can be fined up to €20 million or 4% of worldwide annual turnover, whichever is higher.
Almost every business handles personal data, whether it realises it or not, so carrying out an audit now and confirming that you are compliant will save you time and money in the long run. It also shows your customers how seriously you take the protection of their information.
Making Your Website Compliant
The purpose of the GDPR is to ensure that personal data, including the special categories often called sensitive personal data, is processed lawfully, securely and for clearly stated purposes in the interests of the people it belongs to.
Opt in, not opt out: If your website has any form that captures people's details, for example when they download something or buy from you, the contact preferences must default to 'no' or be left blank. Pre-ticked boxes are not valid consent. If people want to be contacted by you, they must tick a box themselves to give that consent.
Consent: The consent you ask for on your website must be separated into the different things you are asking for. Accepting your terms and conditions, for example, must be a separate action from agreeing to receive marketing; consent cannot be bundled into a contract or a general 'I agree'.
Double opt-in: To make sure that people have not opted in by accident, first provide the tick boxes so they can choose to be contacted, then send them an email containing a confirmation link that they must click to verify that they do want to be on your list. The link should be unguessable, tied to that person's address and the preferences they ticked, and should expire; record the date and time of confirmation, because you must be able to demonstrate that consent was given.
One box does not tick all: Similarly, if you will process data in different ways you need a separate consent tick box for each. For example, contacting people by phone, by post or by email are separate purposes, and passing data to a third party is another. You must clearly name who the third party is.
Be transparent: You must tell people, at the point you collect their data, what you are collecting, why, how it will be used and for how long you will keep it.
Withdrawal: Withdrawing consent must be as easy as giving it. Make it simple for people to withdraw their consent entirely, change the ways in which they can be contacted, or change the frequency of communications, and act on the withdrawal promptly.
Online payments: E-commerce website owners need to be aware of every item of personal data collected before details are passed to the payment gateway. Collect only what the order needs, keep it no longer than necessary for a stated purpose, and do not store card details yourself; leave those to the payment gateway.
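The opt-in, separate-purpose, double opt-in and withdrawal points above describe one procedure, so here is a single worked example of it in Python. This is an added example, not code from the original page or from any particular product: the purpose names, the in-memory dictionary standing in for a database, and the HMAC-signed confirmation token are all assumptions for illustration.

```python
"""Consent capture with per-purpose opt-in, double opt-in and withdrawal.

Added example (not from the original page). Assumes hypothetical purpose names,
an in-memory dict as the consent store and an HMAC-signed confirmation link.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical purposes; each gets its own tick box and its own consent flag.
# A third-party purpose names the recipient explicitly.
PURPOSES = ("email", "phone", "post", "share_with_examplepartner")

# Assumption: in production this is a per-deployment secret loaded from config.
SECRET_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 24 * 60 * 60  # confirmation links expire after a day


@dataclass
class ConsentRecord:
    email: str
    # Opt in, not opt out: every purpose starts False and only becomes True
    # when the person ticks that specific box.
    purposes: dict = field(default_factory=lambda: {p: False for p in PURPOSES})
    confirmed: bool = False             # set only by the double opt-in link
    given_at: Optional[float] = None    # when consent was confirmed (evidence)
    withdrawn_at: Optional[float] = None


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def new_consent(store: dict, email: str, ticked: Optional[list]) -> ConsentRecord:
    """Record exactly what was ticked on the form; anything not ticked stays False."""
    record = ConsentRecord(email=email)
    for purpose in ticked or []:
        if purpose not in PURPOSES:
            raise ValueError(f"unknown consent purpose: {purpose}")
        record.purposes[purpose] = True
    store[email] = record
    return record


def make_confirmation_token(email: str, purposes: list, now: float) -> str:
    """Build the link token: the HMAC binds the address, the purposes and an expiry."""
    payload = json.dumps(
        {"email": email, "purposes": sorted(purposes), "exp": int(now) + TOKEN_TTL_SECONDS},
        separators=(",", ":"), sort_keys=True,
    ).encode()
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(mac)}"


def verify_confirmation_token(token: str, now: float) -> Optional[dict]:
    """Return the payload only if the signature is valid and the token is unexpired."""
    try:
        payload_b64, mac_b64 = token.split(".", 1)
        payload, mac = _unb64(payload_b64), _unb64(mac_b64)
    except (ValueError, TypeError):  # malformed token or bad base64 padding
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None
    data = json.loads(payload)
    return None if now > data["exp"] else data


def confirm(store: dict, token: str, now: float) -> bool:
    """Called when the link is clicked; consent becomes usable only from here on."""
    data = verify_confirmation_token(token, now)
    if data is None or data["email"] not in store:
        return False
    record = store[data["email"]]
    # Store exactly what the link was issued for, so the evidence matches the consent.
    record.purposes = {p: (p in data["purposes"]) for p in PURPOSES}
    record.confirmed, record.given_at, record.withdrawn_at = True, now, None
    return True


def withdraw(store: dict, email: str, purpose: Optional[str] = None,
             now: Optional[float] = None) -> bool:
    """Withdrawal is as easy as giving consent: one call, no re-confirmation step."""
    record = store.get(email)
    if record is None:
        return False
    if purpose is not None and purpose not in PURPOSES:
        raise ValueError(f"unknown consent purpose: {purpose}")
    for p in ([purpose] if purpose else PURPOSES):
        record.purposes[p] = False
    record.withdrawn_at = now if now is not None else time.time()
    return True


def can_contact(store: dict, email: str, purpose: str) -> bool:
    """Only confirmed consent for this specific purpose allows contact."""
    record = store.get(email)
    return bool(record and record.confirmed and record.purposes.get(purpose, False))


if __name__ == "__main__":
    store = {}
    new_consent(store, "a@example.com", ["email"])        # constructed sample input
    token = make_confirmation_token("a@example.com", ["email"], now=time.time())
    print("before click:", can_contact(store, "a@example.com", "email"))   # False
    confirm(store, token, now=time.time())
    print("after click:", can_contact(store, "a@example.com", "email"))    # True
    withdraw(store, "a@example.com", "email")
    print("after withdrawal:", can_contact(store, "a@example.com", "email"))  # False
```

The two design choices worth noting: nothing is contactable until the signed link is clicked, and the purposes written at confirmation are the ones inside the token rather than whatever is in the database at the time, so a later change to the form cannot widen consent that was already given. The timestamps on the record are what you would show a regulator when asked to demonstrate consent.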
Where Do I Go from Here?
If you want to take further steps to ensure you are compliant with the GDPR, there are a few things you can do in the workplace.
Reading the full regulation so that you are confident about what has changed is the first step. Then share that knowledge with others in your workplace so everyone is aware of their responsibilities. As a team, review all of your data processing procedures regularly, and keep a written record of what personal data you hold, why you hold it and on what lawful basis, so that you can show you are compliant.
We have scoured the internet to find some useful resources and checklists, so if you need any help implementing your own GDPR audit, please get in touch on 0121 308 0219.