There is a new set of initials which should be at the forefront of every website owner’s mind – GDPR. This stands for the General Data Protection Regulation, and it comes into force on May 25th, replacing the current Data Protection Directive. The intention is to further improve and strengthen privacy laws, and there will be serious penalties for non-compliance, so this is not something that can be ignored on an “it-doesn’t-apply-to-me” basis.

The GDPR is a weighty document, running to 11 chapters and 91 articles, so this blog will barely skim the surface of it. In any case, much of the new act will only be relevant to larger companies, so for now, we’re just going to pick out the main points of concern for the owners of small websites. The regulation requires companies to implement reasonable data protection measures, and to report any security breaches. Individuals will have the right to have their data deleted (erasure) or moved (portability), or may object to the way it is being processed. Consent for the use of data must be obtained, not assumed. Therefore, if you operate a website, however small, you should begin by considering these points:

  • What data do you hold about your clients? Even a name and email address counts as data.
  • Where is this data stored? It might be on your website, or on a third party site, such as Mailchimp if you run a mailing list.
  • Do you obtain consent for holding this data?
  • How long do you keep this data, and are your clients informed about this?
  • Do you have a privacy policy? As an example, you could check ours here.
  • Is your site secure? For more information on this, see our recent blog on the subject.

As mentioned earlier, this article only scratches the surface of this subject, so if in doubt, do some more research. The GDPR website is here, or get in touch for more help. May 25th isn’t far off …