If you collect and store personal data, you need to make sure you are compliant with the new GDPR legislation. Companies like Facebook and Google whose entire business is built on personal information will be the most affected, but all businesses – regardless of size – now need to make sure their data protection practices are up to date.
This article provides a simple outline of what the GDPR is, what it means to your business, and some of the steps you can take to ensure compliance. This is not provided as legal advice – should you have concerns over your compliance please consult a legal professional with the relevant expertise. In particular large organisations (250+ employees) who process a lot of data should already be fully prepared for the new laws as they will be more affected.
What is the GDPR?
The General Data Protection Regulation is a set of consistent data protection rules which applies to any company who processes personal data about individuals in the EU.
What sort of data are we talking about?
Not just that of your customers – any personal data you hold relating to past and present employees and suppliers is also included.
Who does it affect?
If your business collects, stores and uses any personal information pertaining to an EU resident, it affects you.
When does it come into force?
The GDPR applies from 25th May 2018.
What happens if I don’t comply?
Certain violations of the GDPR can carry a fine up to €20m or 4% of global annual revenue.
What are the main stipulations?
- Companies who employ over 250 staff must employ a Data Protection Officer.
- Any data security breaches must be reported to the Information Commissioner’s Office (ICO) within 72 hours.
- Individuals now have the ‘right to be forgotten’ – they can withdraw consent for you to hold their information at any time. They can also send you an SAR (Subject Access Request) – a request for information relating to what data you hold, what you use it for, where it is stored, and how it is encrypted. You have one month to respond with answers to their questions or risk a fine.
What does it mean for my small business?
- You now need to know where every scrap of personal information you store is held (including staffs’ smartphones, tablets and laptops as well as any cloud hosting services you use), what it is, how you process it (and how often) and when you were given permission to use it. If you don’t know when you were given permission, you’ll need to repermission this data from the individual concerned. Large companies will need to carry out a full information audit.
- You can no longer automatically opt-in to mailing lists etc when individuals use forms on your website – forms should now have an ‘opt-in’ tick box which is unchecked by default granting you permission to use their data.
- Your privacy/data policies now need to indicate explicitly what you use people’s data for, so should be updated as such and made easily accessible from your website as well as being flagged up to existing users.
- Your data security is a key consideration: consider improving security by installing an SSL certificate on your website, locking access to your systems down to one IP address (ie. your business premises) and two factor authentication login procedures. You need to ensure you’re protecting the personal data you hold as well as properly recording how and when you acquired it.
For further information on your responsibilities and how to prepare for the GDPR please read this guide produced by the ICO.
It’s the cliched scourge of graphic designers the world over: a perfect design is presented to a client, who immediately asks for their logo to be made bigger. Well, those days are gone my friends. Let me tell you why you should be saying to your clients – you need the logo to be smaller. […]
If you’re running a business and you have a website, then your website exists to help you make more money. You might think that this statement doesn’t apply to you unless you’re selling goods or services online, but you couldn’t be more wrong.
Everybody has heard of WordPress. What started out as a platform for blogging has grown into one of the most popular content management systems (CMS) in the world – powering over 30% of the internet. It may not be the most exciting choice of software, but its combination of user-friendliness, reliability and flexibility is unmatched […]
As with many web design agencies, part of our service is the hosting of our clients’ websites. We seek out and partner with the best, most reliable hosting providers we can find and then use their services to host your website. We then manage all aspects of your hosting package so that you never need […]