May 15, 2018


written by Steven Squires
GDPR - General Data Protection Regulation 25th May 2018


Hopefully by now you know what GDPR is and how it will affect your business. If not, here is a brief explanation.


The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals in the European Union. (This will still be in effect after Brexit.) GDPR aims primarily to give back control to the user over their personal data. GDPR will be enforceable from 25 May 2018.

GDPR should now make you think twice when designing your website. Is your website saving contact information to its database? Where are you storing users’ data? What are you doing with it?

The upcoming GDPR regulation means businesses now have to explain how they are collecting users’ data and what they are doing with it.


One of the biggest (and most discussed) elements of GDPR is the power for regulators to fine businesses; and the scale of those fines!

If an organisation doesn’t process an individual’s data in the correct way, if it should but doesn’t have a data protection officer, if there’s a security breach; all these incur fines.

These monetary penalties will be decided upon by Denham’s office and the GDPR states smaller offences could result in fines of up to €10 million or 2% of a firm’s global turnover (whichever is greater). Those with more serious consequences can have fines of up to €20 million or 4% of a firm’s global turnover (whichever is greater). These are larger than the £500,000 penalty the ICO can currently wield.

To put this simply, fines issued in 2017 would be 79 times HIGHER under the new regulation.


Registering with the ICO: First of all, your organisation should be registering with the ICO (the UK’s independent authority for data privacy). The ICO has a lot of useful information on GDPR which can help your organisation, both online and offline. The cost for most businesses is up to £35 (subject to the size of organisation). £35 is a small amount to invest when you consider the potential repercussions of GDPR regulations. – Sign up to the ICO here

Active Opt-In: I’m sure you’ve seen (and experienced), on retailer websites especially, businesses trying to make you sign up for their newsletter when you fill in a contact form. Well, they can no longer do this. If you have forms on your website, make sure all of your checkboxes (email sign-ups, for example, and this includes T&Cs) default to blank or “no”. You can’t force people to sign up to something without their consent. See the example below.

active opt in example

Separate Opt-In: Every communication path should have a separate opt-in. Users should be able to select which communications they would like to receive. You also have to explain to the user how many newsletters they will receive and which information they will be signing up to. Transparency is the key, and this is a great chance to separate your users into different email communications.

*Note – If you already have an email database of users, you will either have to remove all of their personal data from your CRM/mailing list or, why not, come up with an engaging campaign contacting them and asking them to stay on your mailing list.

separate opt in example
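To audit your own templates for the active opt-in rule above, the following added example (not code from the original article) scans a form's HTML for controls that default to opted-in. The sample form and the list of values treated as "no" are assumptions made for the illustration.

```python
from html.parser import HTMLParser

# Assumed values that count as a "no" default for a pre-selected radio button.
NO_VALUES = {"no", "0", "false", "off"}

class PretickedFinder(HTMLParser):
    """Collects form controls that opt the user in before they act."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # boolean attributes such as `checked` map to None
        if tag != "input" or "checked" not in a:
            return
        kind = (a.get("type") or "text").lower()
        value = (a.get("value") or "").lower()
        # Any pre-ticked checkbox is flagged; a radio only when its default is not "no".
        if kind == "checkbox" or (kind == "radio" and value not in NO_VALUES):
            line, _ = self.getpos()
            self.findings.append({"line": line, "type": kind, "name": a.get("name")})

def find_preticked(html):
    """Return one finding per control that defaults to opted-in."""
    finder = PretickedFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample form, not taken from any real site.
SAMPLE_FORM = """\
<form action="/contact" method="post">
  <input type="email" name="email">
  <input type="checkbox" name="newsletter" checked> Weekly newsletter
  <input type="checkbox" name="offers"> Partner offers
  <input type="checkbox" name="terms" checked="checked"> I accept the T&amp;Cs
  <input type="radio" name="sms" value="yes" checked> Text me: yes
  <input type="radio" name="sms" value="no"> Text me: no
  <input type="radio" name="post" value="no" checked> Post: no
</form>
"""

if __name__ == "__main__":
    for f in find_preticked(SAMPLE_FORM):
        print(f"line {f['line']}: pre-ticked {f['type']} '{f['name']}'")
```

It inspects the markup as served, so a box ticked later by JavaScript would need a check in the browser instead.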

SSL Certificate: Any data being submitted to your website must be encrypted. SSL stands for Secure Sockets Layer and is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

Have you heard of an SSL certificate? Do you have an SSL certificate on your website? Why should you have an SSL certificate?

Any computer in between you and the server can see your (or your users’) credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to.

If you do have an SSL certificate, you might be halfway there! Now, why only halfway? In some cases (like with WordPress), you might be sending your mail over SMTP (Simple Mail Transfer Protocol). You may not actually be sending your mail over SSL or TLS (Transport Layer Security) and it might be unauthenticated. Double check this! Otherwise, all of your hard work might be going to waste if you’re not sending it securely.

types of mail encryption
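One way to do the double check described above, as an added example that is not part of the original article: look at what your mail relay advertises in its EHLO reply before and after STARTTLS. The host name `relay.example.test`, the sample replies and the default port 587 are assumptions; `probe()` is the live variant and needs network access to your own relay.

```python
import re
import smtplib
import ssl

def parse_ehlo(reply):
    """Map each EHLO keyword to its parameters, skipping the greeting line."""
    features = {}
    for line in reply.strip().splitlines()[1:]:
        line = re.sub(r"^\d{3}[- ]", "", line.strip())  # drop "250-" / "250 "
        if line:
            keyword, _, params = line.partition(" ")
            features[keyword.upper()] = params.split()
    return features

def assess(pre_tls, post_tls=None):
    """List problems in a relay's EHLO replies before and after STARTTLS."""
    issues = []
    pre = parse_ehlo(pre_tls)
    if "STARTTLS" not in pre:
        issues.append("no STARTTLS: mail and login travel unencrypted")
    if "AUTH" in pre:
        issues.append("AUTH offered before TLS: " + " ".join(pre["AUTH"]))
    if post_tls is not None and "AUTH" not in parse_ehlo(post_tls):
        issues.append("no AUTH after TLS: relay offers no authentication")
    return issues

def probe(host, port=587):
    """Live version of the same check (needs network access to the relay)."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        pre = s.ehlo()[1].decode(errors="replace")
        post = None
        if s.has_extn("starttls"):
            s.starttls(context=ssl.create_default_context())
            post = s.ehlo()[1].decode(errors="replace")
    return assess(pre, post)

# Constructed EHLO replies for a hypothetical relay, relay.example.test.
PLAINTEXT_RELAY = "250-relay.example.test\n250-SIZE 10240000\n250-AUTH PLAIN LOGIN\n250 HELP"
TLS_RELAY_PRE = "250-relay.example.test\n250-SIZE 10240000\n250-STARTTLS\n250 HELP"
TLS_RELAY_POST = "250-relay.example.test\n250-SIZE 10240000\n250-AUTH PLAIN LOGIN\n250 HELP"

if __name__ == "__main__":
    print(assess(PLAINTEXT_RELAY))
    print(assess(TLS_RELAY_PRE, TLS_RELAY_POST))
```

An empty list means the relay only offers login once the connection is encrypted; your website's mail settings still have to be configured to use STARTTLS and a login for that to matter.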


Hopefully these tips will help you understand the impact of GDPR for your website and resolve some of the issues. You only have until the 25th May to be compliant with GDPR so don’t delay making any changes you can.

If you need further help or advice to help your business’s website become GDPR compliant, please give us a shout. At Aspurian Digital we’ve been helping various brands (both large and small) implement changes in relation to the GDPR regulation. The costs associated with getting your business compliant are vastly smaller than if you’re not compliant and receive a fine!
