What will GDPR mean for the way you do business online?
With new EU legislation on personal data coming into effect next month, here’s everything you need to know about GDPR and 6 simple steps you should take now, to ensure your company conforms to the new privacy laws.
Need help making sure your contact forms and website are GDPR compliant?
Drop us an email here and we’ll explain exactly what you need to do.
What is GDPR?
And what do upcoming EU changes to data protection law mean for your business?
Billed as the most important update to data protection since the advent of the internet, GDPR – or the General Data Protection Regulation – is a new EU regulation that applies from 25 May 2018.
Probably the best place to begin is by establishing exactly what GDPR is. As the name suggests, it is intended to strengthen the protection of our personal data and our control over who holds it and what they do with it. It gives people more say over this information, raises the standard of protection organisations must meet, and grants specific rights over how data about them is used.
If you do business online within the EU this affects your company
While that sounds simple enough, if you consider just how much data is being collected, shared and transmitted by business these days – and the many ways that information can be hacked, sold or accidentally released – the whole issue of security and protection begins to look a lot less straightforward.
The regulation applies to every organisation established in the EU, whatever the nationality of the people whose data it holds. It also applies to any organisation anywhere in the world that offers goods or services to people in the EU or monitors their behaviour. Effectively its reach is global.
What does General Data Protection Regulation mean for your business?
If your company gathers or uses the personal details of anyone in the EU, these rules apply to you. The requirement for increased protection means a change to the way you can store, access, transfer and share the information you hold on other people. And it’s not just customers or business contacts that the law applies to. Employees are given exactly the same rights and control over the information you hold on them.
In reality, GDPR is a single regulation that applies directly in every member state, replacing the patchwork of national laws made under the 1995 Data Protection Directive. It covers security, compliance, risk, governance and the proper control of personal information under one regime.
GDPR demands tighter control of the way you manage other people’s data
Given the volume of personal data flowing through most businesses today and the potential value of such information, it’s important to understand what the changes mean to your company. And to be prepared to make adjustments in the way you gather, store and protect facts about visitors to your website or app.
Is GDPR compulsory for all websites and apps?
Yes it is.
Implementation is mandatory, and failure to ensure your business is compliant by the 25 May deadline could incur fines of up to €20 million or 4% of annual worldwide turnover, whichever is higher. While each member state has its own supervisory authority, individual organisations are responsible for working out – and implementing – their own obligations under the General Data Protection Regulation.
Greater transparency doesn’t have to be a headache
The biggest impact will be on industries who make a business from trading and analysing data. They’ll need to make major adjustments to the processes and systems they use and conform to much tighter regulation.
But for most companies offering or selling their services online, GDPR can be seen as a logical extension of the European ‘Cookie’ law (the ePrivacy rules that took effect in the UK in 2011), which made it obligatory for websites to tell visitors about cookies and similar tracking and to obtain their consent for it.
Small changes to the way you control such information and the transparency of your procedures are essentially all that’s required.
Our quick GDPR compliance checklist
6 updates every business should have in place on their website right now.
1. Website Forms. You can no longer assume that anyone contacting you via a form on your website agrees to receive future communications or to be added to a list. From 25 May consent has to be a clear, affirmative action for each separate purpose: an unticked box the visitor ticks themselves, with marketing on its own box rather than bundled with the enquiry, and a record of what they agreed to, when, and under which version of your privacy notice. Pre-ticked boxes and silence do not count as consent.
2. Social Media. If you plan to use collected email addresses for social media targeting (custom audiences and the like), you must tell users that this is a purpose and obtain a genuine opt-in for it. An address collected for one purpose cannot quietly be reused for another.
3. Audit your list. GDPR doesn’t just affect future sign-ups. It applies to all the data you already hold on people in the EU, unless it was collected in a way that already meets the GDPR standard for consent. Now is very much the time to clean up your mailing list: anyone you cannot show a valid consent record for should be removed or asked to re-consent, and everyone on it has the right to withdraw and to be forgotten.
4. Security. You must have appropriate technical and organisational measures in place to protect the data you hold, and procedures to detect, report and investigate breaches. A breach must be reported to the supervisory authority within 72 hours of your becoming aware of it unless it is unlikely to pose a risk to individuals. Public authorities, and organisations whose core activities involve large-scale monitoring of individuals or large-scale processing of sensitive categories of data, must also appoint a designated Data Protection Officer.
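The form and list-audit items above come down to one piece of server-side logic: treat only an explicit tick as consent, record the evidence, keep purposes separate, make withdrawal one step, and flag legacy addresses without a live record. The following is an added example written for this article, not code from the original post or from any agency or library. The field names (`consent_reply`, `consent_marketing`), the purposes, the notice version label and the in-memory store are all assumptions; a real site would persist the consent log in a database.

```javascript
// Added example (not from the original post): GDPR consent handling for a
// website contact form plus an audit of a legacy mailing list.
// Field names, purposes, notice version and the in-memory store are assumed.

const PRIVACY_NOTICE_VERSION = '2018-05'; // assumed label of the notice shown beside the form

// Each purpose gets its own unticked checkbox. Consent to one purpose
// never implies consent to another: consent has to be specific.
const PURPOSES = {
  reply: 'Reply to this enquiry by email',
  marketing: 'Send me occasional news and offers by email',
};

function createStore() {
  return { consentLog: [], mailingList: new Set() };
}

// Only the value a browser sends for a ticked checkbox counts as consent.
// Missing, empty, "off" or anything else is "no": a default must never opt
// a visitor in (pre-ticked boxes and silence are not consent).
function isAffirmative(value) {
  return value === 'on' || value === true || value === 'true';
}

function normaliseEmail(raw) {
  return String(raw || '').trim().toLowerCase();
}

// Records for this email that still hold live (un-withdrawn) consent for a purpose.
function liveConsent(store, email, purpose) {
  return store.consentLog.filter(r =>
    r.email === email && r.purposes.includes(purpose) && !(purpose in r.withdrawn));
}

// Handle one form submission. Returns { ok: false, reason } or { ok: true, record }.
function processContactSubmission(store, fields, now = new Date()) {
  const email = normaliseEmail(fields.email);
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
    return { ok: false, reason: 'invalid_email' };
  }
  // Without consent to be replied to there is nothing we may keep.
  if (!isAffirmative(fields.consent_reply)) {
    return { ok: false, reason: 'no_consent' };
  }
  const purposes = Object.keys(PURPOSES).filter(p => isAffirmative(fields['consent_' + p]));
  // The evidence a regulator asks for: who, what wording, when, which notice, how.
  const record = {
    email,
    purposes,
    purposeText: Object.fromEntries(purposes.map(p => [p, PURPOSES[p]])),
    consentedAt: now.toISOString(),
    noticeVersion: PRIVACY_NOTICE_VERSION,
    method: 'web_form_checkbox',
    withdrawn: {}, // purpose -> ISO timestamp, filled in on withdrawal
  };
  store.consentLog.push(record);
  if (purposes.includes('marketing')) store.mailingList.add(email);
  return { ok: true, record };
}

// Withdrawal must be as easy as giving consent: one call stamps every live
// record for that purpose and drops the address from the marketing list.
function withdrawConsent(store, rawEmail, purpose, now = new Date()) {
  const email = normaliseEmail(rawEmail);
  const records = liveConsent(store, email, purpose);
  records.forEach(r => { r.withdrawn[purpose] = now.toISOString(); });
  if (purpose === 'marketing') store.mailingList.delete(email);
  return records.length;
}

// Audit a legacy list: keep only addresses with live marketing consent on
// record; everything else is removed or needs fresh consent.
function auditMailingList(store, legacyList) {
  const keep = [], remove = [];
  for (const raw of legacyList) {
    const email = normaliseEmail(raw);
    (liveConsent(store, email, 'marketing').length > 0 ? keep : remove).push(email);
  }
  return { keep, remove };
}

// Worked scenario on constructed data: a legacy list of three addresses,
// one re-consented via the form, one never did, one consented then withdrew.
function demo() {
  const store = createStore();
  const t = new Date('2018-05-25T09:00:00Z');
  const results = [
    processContactSubmission(store, { email: 'Alice@example.com', consent_reply: 'on', consent_marketing: 'on' }, t),
    processContactSubmission(store, { email: 'carol@example.com', consent_reply: 'on', consent_marketing: 'on' }, t),
    processContactSubmission(store, { email: 'dave@example.com', consent_reply: 'on' }, t),        // reply only
    processContactSubmission(store, { email: 'eve@example.com', consent_marketing: 'on' }, t),     // no reply consent
  ];
  withdrawConsent(store, 'carol@example.com', 'marketing', t);
  const audit = auditMailingList(store, ['alice@example.com', 'bob@example.com', 'carol@example.com']);
  return { results, audit, mailingList: [...store.mailingList] };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

In the scenario only Alice ends up on the marketing list: Dave ticked the reply box alone, Eve's submission is rejected outright because she never agreed to be contacted about her own enquiry, and Carol's withdrawal removes her while her original record stays in the log as evidence of what she had agreed to and when she withdrew it.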
“Concise, transparent, intelligible and easily accessible; written in clear and plain language, particularly if addressed to a child…” (GDPR, Article 12)
Not sure if your website or app is GDPR compliant?
Give us a call or drop us a message here and we’ll take a look for you.
What kind of information does GDPR protect?
The General Data Protection Regulation treats any information relating to a person that can be used to identify them, directly or indirectly, as personal data. This includes names, photos, bank details, phone numbers, email addresses and medical records, as well as social media activity and online identifiers such as IP addresses and cookie IDs.
From May, EU citizens have certain rights over the way this type of information is used, which include:
- The right to be told why a company holds their data and to object to its processing.
- The right to access, and to have corrected, any information held on file.
- The right to data portability: to receive their data in a machine-readable format and move it to another provider.
- The right to withdraw consent, be ‘forgotten’ and have their personal data erased.
- Notification of breaches: the supervisory authority must be told within 72 hours, and the people affected without undue delay when the breach is likely to put them at high risk.
Where Europe leads the world tends to follow
GDPR is establishing new standards for the protection of data about people in the EU. It’s very likely that other nations will follow suit, and large organisations based outside Europe but operating in it will have to comply regardless.
This increases the likelihood of the new standards becoming global. Facebook’s Mark Zuckerberg is quoted as saying he intends to ‘make the same controls available everywhere, not just in Europe’.
Chances are that other major online entities will do the same, extending the benefits of GDPR to all their users regardless of location.
The benefits and challenge of General Data Protection Regulation for business
While there are certainly challenges for business – principally the need to organise existing data and revise the way they manage those details in the future – there are also opportunities:
- Building a single GDPR compliant view of any information you hold on users means far greater potential for accuracy. A trimmed down list, made up of consenting individuals – with a validated interest in your message – offers the chance to enhance the personalisation of your message or offering.
- Improved security makes a business less exposed to cyber attack. Holding less data, knowing where it is and controlling who can reach it means there is less to steal and a smaller surface for an attacker to work with; it does not make you invisible to attackers, but it does limit what a breach can cost you.
- Being transparent and telling users your business conforms to the highest standards available is an opportunity to build trust with customers and show them you handle data responsibly.
Why stricter legislation is a good thing
Until now our information and privacy have been poorly protected, to say the least. GDPR changes that by forcing companies to act responsibly with the data they hold.
That’s good for us all as web users. But – intentionally or not – stricter control of personal information also makes it easier for a business to improve its offer. By effectively weeding out all but the most engaged users a company can better respond to customer requests, communicate in the ways they prefer and ultimately tailor their message to a more receptive audience.
Is your company ready for GDPR?
Give us a call or leave your name and email below. One of our team will be in touch.