HELLO! DO YOU HAVE A WEBSITE, OR BLOG?
YOU DO? OK. LET’S TALK
PLEASE NOTE: I HAVE DONE MY RESEARCH AND AM WELL-INFORMED, HOWEVER, I AM NOT A LAWYER. YOU MAY WISH TO DISCUSS ANY LEGAL POLICIES WITH A SOLICITOR.
ALSO. I APOLOGISE IF THIS IS BORING. I DON’T ENJOY BORING, AND WOULDN’T BRING YOU ANYTHING BORING UNLESS IT’S COMPLETELY NECESSARY, SUPER IMPORTANT, AND LIKELY TO SAVE YOU A FORTUNE, WHICH THIS IS. LET’S GET CRACKING THEN, SHALL WE?
GDPR is important new legislation that was adopted in 2016 and is enforceable from May 25th 2018. It replaces the Data Protection Act 1998 and, unfortunately, it’s not something we can ignore. It will affect businesses of all sizes in many ways, and all website owners (including bloggers, we’ll get to that) need to be aware of it and implement it where needed. I’m focusing on GDPR as it applies to websites, but you can find out about GDPR across all other aspects of business here. You will need a policy covering every part of your business that holds information on anyone, so it’s worth looking at some of the free document templates available online to give yourself a head start.
Now. The law applies to organisations in the EU, so you may think we’ll be excluded thanks to Brexit. NOPE. Any organisation offering products or services (even free ones) to people in the European Union, or monitoring the behaviour of anyone in it, must comply wherever it is based. That means if just one person in the EU signs up for your newsletter, opts in to your freebie offer, buys a product or simply interacts with your website (because, cookies), you’re in.
In other words: if anyone in the EU can reach your site, GDPR is the standard you have to meet.
EEEK. Probably wrong, actually. It doesn’t matter how big or small your website is, whether it’s for business or pleasure, or whether it’s making you money. If you collect personal data in any manner, this affects you and you need to comply with the legislation (find out how here).
You may think you’re NOT collecting data, but if you have any of the following, you are. Sorry.
• comment form (that collects email addresses/requires registration)
• newsletter sign up form
• opt-in or freebie offer
• contact form (yep, really)
• plugins that collect info (security, anti-spam, competitions etc.)
• analytics/traffic logs (IP addresses count as personal data, see below)
• feedback form
• and so on
If you collect data through a third party such as Mailchimp, you are the Data Controller and they are the Data Processor. You’re responsible for only using processors who can show their GDPR processes are up to standard, and for having a written contract (a data processing agreement) with them setting out what they may do with the data. If a supplier can’t offer that, it’s probably worth using a different one.
WANT TO DOWNLOAD OUR FREE CHEAT-SHEET?
BUT, I HARDLY COLLECT ANYTHING!
WHAT COUNTS AS PERSONAL DATA?
Data that can be used to identify someone (directly, or in combination with other information) is considered Personal Data. This includes:
• Name
• Email address
• Job Title/Company
• IP address
• Online identifiers such as cookie IDs
WHAT COUNTS AS SENSITIVE DATA?
Data revealing sensitive personal information (GDPR calls this “special category data”) needs extra care. This includes:
• Sexual Orientation
• Religious Beliefs
• Political Beliefs
• Health Conditions
• Ethnic Origin
• Biometric or Genetic Data
• Police Record (criminal convictions data has its own extra rules)
NOW, IF YOU’RE DEALING WITH INFORMATION THAT MAY PERTAIN TO CHILDREN YOU MUST BE EVEN MORE CAREFUL. WHERE YOU RELY ON CONSENT TO OFFER AN ONLINE SERVICE TO A CHILD BELOW THE AGE OF DIGITAL CONSENT (16 UNDER GDPR, WHICH MEMBER STATES MAY LOWER TO 13), YOU NEED PARENTAL/GUARDIAN PERMISSION TO PROCESS THEIR DATA.
ALSO, ANY PRIVACY NOTICE AIMED AT CHILDREN MUST BE WRITTEN IN A WAY A CHILD CAN CLEARLY UNDERSTAND. I STRONGLY RECOMMEND LEGAL ADVICE IN THESE AREAS.
Quite simply, because it’s the law, and if you don’t comply you could be fined BIG bucks (up to €20,000,000 or 4% of your annual global turnover, whichever is higher). The fines have increased dramatically with the change from the DPA to GDPR: TalkTalk’s privacy fine of £400,000 would be around £59,000,000 under the new rules. So yeah. Whilst nobody expects small businesses to have that kind of cash lying around, and penalties will of course take the circumstances into account, legislators are taking this really seriously. Is it worth *not* getting your website and overall business policies sorted? Personally, I’m not liking that kind of risk.
I speak to a lot of people about GDPR (great chat at dinner parties). Most small business owners are still completely unaware of the legislation, the penalties, and how it affects them. Some have decided to ignore it. Large corporates, though, are spending millions getting GDPR processes, documents and audit trails in place, which shows how seriously it’s being taken. EU regulators have made it clear they intend to go after high-profile brands to push businesses into complying, and it’s only a matter of time until that filters down to the rest of us. UGH.
We’ve put together a clear, concise cheat-sheet detailing exactly how to make your WordPress website GDPR compliant. And it’s absolutely free, because we like you (grab that here). However, there are a few more things you need to know before you skip off into the sunset. So without further ado…
• Under GDPR, if your website suffers a personal data breach (someone getting hold of, altering or destroying data they shouldn’t), you must report it to your supervisory authority (the ICO in the UK) within 72 hours of becoming aware of it, unless it’s unlikely to put anyone at risk, and you must tell the affected individuals themselves without undue delay if the breach puts them at high risk. In WordPress terms, if you’re hacked, that could mean contacting everyone who has commented, registered or potentially just used your site, which is crazy. It also means you need to be able to work out what was actually accessed, so keep your logs and backups. SO, make sure your security is up to date and you’re backed up and protected. You can chat to us about doing this for you; we have a variety of packages and quite like being your Guardian Angels.
• You must give people access to any information you hold on them, free of charge and normally within one month of the request (you may refuse, or charge for, requests that are manifestly unfounded or excessive, such as constant repeats). GDPR says Controllers and Processors must be transparent about how they collect data, what they do with it, how they process it and who can see it, and must explain all of this in clear, plain language.
• Individuals have the “right to be forgotten”. This means you must delete all data you hold on someone without undue delay when they ask, if they’ve withdrawn the consent it was collected under, object to the way it’s being processed, or it’s no longer needed for the purpose you collected it for, unless you have another legal basis or obligation to keep it. You also have to tell any third parties you’ve passed their personal data to, so they can delete it too.
• Personal data must be stored in a structured, commonly used, machine-readable format (CSV or JSON, for example) so that it can be handed over, or moved to another provider, if someone asks.
• Your website policy needs to reflect your overall GDPR policy, so whilst making your website compliant is an important step, it’s not the only one. It’s advisable to complete a risk assessment of how data is stored and who can access it, decide what steps you’ll take to protect that data, and agree what will happen and who reports to whom if it’s compromised. If you have a larger business, it’s worth appointing a Data Protection Officer to look after data protection as part of their role; public authorities, and organisations whose core activity is large-scale monitoring or large-scale processing of sensitive data, are required to have one.
FUN FACTS OVER!
HOW DO YOU MAKE YOUR WEBSITE GDPR COMPLIANT?
OUR CHEAT SHEET HELPS YOU:
• DISCOVER WHAT INFORMATION YOU NEED LISTED ON YOUR SITE
• UNDERSTAND THE DO’S & DON’TS OF GDPR
• GET TO GRIPS WITH WHICH PLUGINS YOU NEED
• LEARN HOW GDPR WILL AFFECT SOCIAL MEDIA/MARKETING STRATEGIES
GET OUR FREE CHEAT-SHEET
AND CONQUER THAT PESKY GDPR!
AFTER SUBMITTING YOUR DETAILS, AN EMAIL WILL BE SENT TO YOUR INBOX ASKING YOU TO CONFIRM THAT YOU WOULD LIKE TO DOWNLOAD THIS INFORMATION. IF YOU AGREE, YOUR NAME AND EMAIL ADDRESS WILL BE STORED BY JMD DIGITAL DESIGN LTD, BUT NEVER PASSED ON OR SOLD TO A THIRD PARTY. YOU CAN REQUEST THAT YOUR INFORMATION IS REMOVED AT ANY TIME.