Businesses must comply with it; otherwise they could be hit with heavy fines and/or lawsuits.
Ultimately, every single business must tell its users about the data it is collecting on them – being GDPR compliant helps protect users’ data.
Understanding the law and knowing what you need to do to make your business’s website compliant can feel daunting – here we outline why it is so vital and how you can easily comply.
What is GDPR?
GDPR is an EU regulation designed to protect the privacy of all EU citizens, including how data is collected from, and used about, people who visit a website.
Seeing as any website could receive visitors from the EU, every website owner should be thinking about compliance.
What is meant by ‘personal data’?
What constitutes personal data is not just the obvious details. As a rule, it is any information that relates to an identified or identifiable individual.
The list below exemplifies what this could entail, but it is non-exhaustive:
Information that is truly anonymous is not covered by UK GDPR.
What about UK GDPR?
The Data Protection Act 2018 relates to the UK’s implementation of GDPR.
As set out by the UK Government, everyone who uses personal data must comply with ‘data protection principles’. This means information is:
GDPR and websites
The GDPR law is very detailed, but there are some key features that businesses need to take note of regarding their website. Websites must:
Businesses must also make sure they report any serious data breaches within 72 hours of the breach.
What happens if you aren’t compliant?
If your website does not comply with GDPR when it is required to, you could be fined up to 20 million euros or 4% of your global turnover.
You may have seen the news when big businesses like Yahoo and Uber had serious data breaches. In 2016, for instance, Yahoo was impacted by a data breach in which the data of 500 million accounts was compromised.
How to make your website GDPR compliant
There are lots of factors involved with making sure your website is GDPR compliant – and lots of different areas to address – so it may be best to seek legal advice from a lawyer who knows GDPR well.
But there are a number of actions you can easily take to make sure you are compliant:
To start off, go through and list all the data collection points on your website. These may include a registration page, a checkout page, IP addresses and many others.
If you use WordPress for your website, you’re in luck because it has GDPR compliance tools built into its design.
You need to make sure you update your WordPress version to 4.9.6 or higher, because that release added built-in privacy settings, including data export and erase features, a privacy policy generator and the ability to get explicit consent in comments.
You should also encrypt traffic to your website as a way of being GDPR compliant, which means serving the site over HTTPS (TLS) so that its address begins with https. If users can see the https, they naturally trust a site more.
You must explicitly notify users that your website is collecting cookies.
Do this with a cookie-notification overlay, for example one provided by a cookie consent plugin.
Users must be informed that your website will collect their personal data when they use forms on your site, such as contact forms, opt-in forms and registration forms.
The best way to do this is by adding a tick box that users must actively click to accept your terms of service.
You need to add a separate tick box asking for consent before you send users marketing communications.
You must then ensure your terms of service are detailed and up-to-date.
It’s crucial not to forget third-party plugins or services you have on your website, for example Google AdWords and Google Analytics.
For these, you’ll need to anonymise the data they collect before it is stored and processed.
It’s important to have a system to be able to tell users about any data breaches and policy updates on your website.
You could do this via a GDPR compliance plugin, as well as sending an email out to users updating them about policy changes.
Summing up
While complying with GDPR law can be painted as extra work for no reason, it is ultimately beneficial to your business to make sure you’re compliant.
At its core, the law exists to prevent data breaches and, most importantly, to make sure people’s personal data is not misused.