GDPR – Are your websites going to land you a big fine?
Big changes are coming for any company that collects and handles their customers’ personal data (so basically everyone), and breaking the rules could result in a large fine.
The incoming European Union General Data Protection Regulation (GDPR) means you’ll need to have a firm understanding of how you obtain, transfer, store and handle personal data by the compliance deadline of 25 May 2018.
Data protection isn’t just about keeping information safe. It’s about recording changes and offering appropriate access for people to keep their data updated.
There’s been a considerable amount of discussion about what GDPR will mean for businesses. If you have websites, intranets or mobile applications, you will need to pay particular attention to your inquiry forms, online processing, cookies and privacy policies. You’ll also need to ensure your processes are as safe and secure as possible.
Protecting your websites and apps
We recommend constructing a data flow map to understand precisely what data you store, transmit and collect from your customers. This will give you an overall view of where there might be vulnerabilities and ideas for upgrades or firewalls.
You’ll also need to be sure any data moving point to point is encrypted and secure. This could include contextual information, like the user’s location or connected accounts.
Once you’ve decided which information is appropriate for you to store, consider:
- Updating your privacy and cookies policies.
- Making sure your web forms have ‘unbundled’ consent and terms & conditions.
- Encrypting your data end to end – as it moves, as it’s stored and as you back it up.
- Making sure all data can be ‘forgotten’. This also applies to any third-party integrations that you might use to add functions to your website. People can revoke your permission to handle their data at any time, so you’ll need a way of managing those requests as quickly and effectively as possible.
- Presenting individual consent requests for everything you want to do with people’s data (such as sending promotional updates, contacting by email, contacting by phone and so on). These can’t be pre-filled. You may also need to contact anyone whose information you already have to update their permissions on each specific point.
- Ways for people to find out what data you hold about them. Ideally, they could submit their email address and find out exactly what you have or don’t have, in an easy-to-understand format.
- Ways for consumers to edit the data you have collected about them if it’s incorrect. Ideally, without needing to contact you first.
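The consent, access, revocation and erasure points above, as an added example of a form backend (not code from the original post): consent is recorded per purpose and only on an explicit opt-in, terms acceptance is kept separate from marketing consent, and erasure fans out to third-party integrations and reports which ones still hold a copy. The purpose names, record shape and the integrations’ `erase` hooks are assumptions for illustration.

```javascript
// Added example: a small per-purpose consent ledger for a web form backend.
// Purpose names, the record shape and the third-party "erase" hooks are
// constructed for illustration and are not part of any real system.
const PURPOSES = ['promotional_updates', 'contact_email', 'contact_phone'];

class ConsentLedger {
  constructor(integrations = []) {
    this.records = new Map();         // email -> { data, consent }
    this.integrations = integrations; // constructed: [{ name, erase(email) -> bool }]
  }

  // Handle a decoded form submission. Terms acceptance is required but is
  // kept separate ("unbundled") from the marketing purposes. A purpose is
  // granted only when the user explicitly ticked it (boolean true after
  // decoding); a missing value is a "no", and nothing defaults to granted.
  register(email, data, form) {
    if (form.acceptTerms !== true) throw new Error('terms must be accepted');
    const consent = {};
    for (const p of PURPOSES) {
      consent[p] = { granted: form[p] === true, at: new Date().toISOString() };
    }
    this.records.set(email, { data, consent });
  }

  // Subject access: return everything held about this person as plain data.
  exportFor(email) {
    const r = this.records.get(email);
    return r ? { email, data: { ...r.data }, consent: { ...r.consent } } : null;
  }

  // Revocation of a single purpose at any time, recorded with a timestamp.
  revoke(email, purpose) {
    const r = this.records.get(email);
    if (!r || !(purpose in r.consent)) return false;
    r.consent[purpose] = { granted: false, at: new Date().toISOString() };
    return true;
  }

  // Right to be forgotten: delete locally and at every integration, and
  // report the integrations that failed so the request can be chased up.
  erase(email) {
    const outstanding = this.integrations
      .filter((i) => !i.erase(email))
      .map((i) => i.name);
    this.records.delete(email);
    return { erasedLocally: true, outstanding };
  }
}
```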
Some of these provisions are considered web development best practice, so you may already have some or all of them in place. If you don’t, or you find gaps, you have until 25 May 2018 to make changes.
The benefits of GDPR
GDPR compliance doesn’t need to be a chore. With good advice and a solid plan, it puts customers in the driving seat and builds trust and engagement, all while enhancing your reputation. If your digital presence could do with a shakeup, get in touch.