Big changes are coming for any company that collects and handles its customers’ personal data (so basically everyone), and breaking the rules could result in a large fine.
The incoming European Union General Data Protection Regulation (GDPR) means you’ll need to have a firm understanding of how you obtain, transfer, store and handle personal data by the compliance deadline of 25 May 2018.
Data protection isn’t just about keeping information safe. It’s about recording changes and offering easy and appropriate access for people to keep their data updated.
There’s been a huge amount of discussion about what GDPR will mean for businesses. If you have websites, intranets or mobile applications, you will need to pay particular attention to your inquiry forms, online processing, cookies and privacy policies. You’ll also need to ensure your processes are as safe and secure as possible.
We recommend constructing a data flow map to understand exactly what data you collect from your customers, store and transmit. This will give you an overall view of where there might be vulnerabilities, and give you ideas for upgrades or firewalls.
You’ll also need to be sure any data moving point to point is encrypted and secure. This could include contextual information, like the user’s location or connected accounts.
Once you’ve decided which information is appropriate for you to store, consider:
Some of these provisions are considered web development best practice, so you may already have some or all of them in place. If you don’t, or you find gaps, you have until 25 May 2018 to make changes.
GDPR compliance doesn’t need to be a chore. With good advice and a solid plan, it puts customers in the driving seat and builds trust and engagement, all while enhancing your reputation. If your digital presence could do with a shake-up, get in touch.