Keep Calm and Comply with GDPR

Does your website comply with the new Data Protection Rules coming into force on 25th May 2018?

So what is GDPR, I hear you cry, and why does my website need it?

Firstly, the UK relies on the Data Protection Act 1998, which was enacted following the 1995 EU Data Protection Directive, but this will be superseded by the new legislation. It introduces tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their data. It also makes data protection rules more or less identical throughout the EU.

Secondly, the EU wants to give businesses a simpler, clearer legal environment in which to operate, making data protection law identical throughout the single market (the EU estimates this will save businesses a collective €2.3 billion a year).

What counts as personal data on my website under the GDPR?

  • When a customer or user fills out an enquiry form on your website, the data is stored and emailed to you.
  • When a customer or user registers on your website for information or to buy a product.
  • When a customer or user registers to be part of a forum or membership site.
  • When a customer or user signs up for a newsletter.

For example:

“If you use a health and fitness app on your phone and you sign in using a social media account, the social media account then has access to all your personal data – for example, heart rate, steps taken per day, sleep monitoring, even your sexual activity. They use this data to tailor marketing ads to you and your devices.”

What happens if you don’t comply?

There are two tiers of administrative fines that can be levied:

  • 1) Up to €10 million, or 2% of annual global turnover – whichever is higher.
  • 2) Up to €20 million, or 4% of annual global turnover – whichever is higher.

Liability for damages

The GDPR also gives individuals the right to compensation of any material and/or non-material damages resulting from an infringement of the GDPR. In certain cases, not-for-profit bodies can bring representative action on behalf of individuals. This opens the door for mass claims in cases of large-scale infringements.

So how can we help you?

We can offer help and advice to align your website with the new GDPR rules.

Your website requires:

  • An SSL Certificate, unless you already have one in place.
  • Cookie Consent – a notice by which visitors accept that your website stores data about their usage, for example through ‘Google Analytics’.
  • Opt in on forms – your customers/users can no longer be automatically opted in to receive information; they start opted out and must actively opt in.
  • Terms and Conditions tick box on forms – your customer now has to agree to your Terms & Conditions by ticking a box, with a link to those Terms & Conditions alongside it.
  • GDPR request personal data – under the new GDPR rules you now need to offer your customers a simple method to contact you to request what data you hold on them and what you use it for. *
  • GDPR Compliant Terms and Conditions – the GDPR requires a compliant set of Terms & Conditions that is tailored to your business and website.
  • GDPR Compliant Privacy Policy – the GDPR requires a compliant Privacy Policy that is tailored to your business and website.
  • GDPR Compliant Anti-Spam Policy – this is not a GDPR requirement, but we think it is good practice.
  • Preparing for the General Data Protection Regulation (GDPR) – there are 12 steps you need to take now (Click Here for the Document).
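As an added illustration of the opt-in and Terms & Conditions items above (example code, not part of the original post or of any agency package), a small Node.js handler that accepts an enquiry form only when the T&C box was ticked, treats every marketing opt-in as "no" unless the user explicitly ticked it, and records the consent with a timestamp and policy version; an audit helper flags pre-ticked checkboxes in a form's HTML. Field names and the policy version string are assumptions.

```javascript
// Added example, not the original post's code: server-side handling of a
// GDPR-style enquiry form. Field names and policy version are assumptions.
const CONSENT_FIELDS = ["newsletter_opt_in", "marketing_opt_in"];
// Browsers submit a checkbox only when it is ticked, so an absent field means
// "no". Only an explicit affirmative token counts as consent.
function tickedOn(value) {
  return value === "on" || value === true || value === "true" || value === "1";
}

function processEnquiry(fields, policyVersion, now = new Date()) {
  const errors = [];
  if (!fields.email || !/^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(fields.email)) {
    errors.push("a valid email address is required");
  }
  // The Terms & Conditions tick box is mandatory for the form to be accepted.
  if (!tickedOn(fields.accept_terms)) {
    errors.push("terms and conditions must be accepted");
  }
  if (errors.length > 0) return { ok: false, errors };

  // Every opt-in purpose defaults to false: nothing is pre-ticked for the user.
  const consents = {};
  for (const f of CONSENT_FIELDS) consents[f] = tickedOn(fields[f]);

  // The record evidences who consented to what, when, and under which policy.
  return {
    ok: true,
    record: {
      email: fields.email,
      termsVersion: policyVersion,
      consents,
      consentedAt: now.toISOString(),
    },
  };
}
// Audit helper for the opt-in rule: returns the names of checkbox inputs that
// are pre-checked in a form's HTML (a simple regex heuristic, not a full parser).
function findPrecheckedBoxes(html) {
  const inputRe = /<input\b[^>]*\btype=["']?checkbox["']?[^>]*>/gi;
  const hits = [];
  for (const m of html.matchAll(inputRe)) {
    if (/\bchecked\b/i.test(m[0])) {
      const name = /\bname=["']?([^"'\s>]+)/i.exec(m[0]);
      hits.push(name ? name[1] : "(unnamed)");
    }
  }
  return hits;
}
```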

We have put together a package which includes legal and compliant documents and the required changes/additions to your website to help you on this journey and make it as smooth as possible for you.

If you have an SSL Certificate already in place, then we can get you on the way to being GDPR ready for £195.00. If your website requires an SSL Certificate, simply add on £59.

We are also including a branded Mailchimp email template for you to send to your customers/users in compliance with the GDPR “Consent” regulation.

* ‘consent’ of the “data subject” (this is the user or customer) means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Thanks for reading, let us know if we can be of assistance.
