What Is GDPR All About?
GDPR – the General Data Protection Regulation – was a hot topic throughout the last few months of 2017, rising to something of a frenzy as the year came to an end. In discussions earlier in 2017, many thought it might come to nothing and be treated like the EU Cookie Law, where very few people took any action. That is not the case with GDPR.
The new General Data Protection Regulation has been introduced to improve digital privacy. It is an idea that has been in the pipeline for almost 8 years and is welcomed by anyone who has been affected by data breaches and the exposure of their personal information in the past. Visitors to websites will have more control over their data, and it makes website owners focus on what information they really need, how they use it and how they protect it.
The current Data Protection Directive – DPD – has been in place since 1995 to protect citizens of the EU, and has long been in need of an update to bring it in line with the modern technologies used to collect, analyse and store our personal information. GDPR replaces it and applies in all EU member states from 25 May 2018, without needing separate national legislation.
Why Do We Need GDPR?
Many clients have asked us this question: “Why do we need this GDPR thing?”
The main point of GDPR is that it forces website owners to rethink what information they request from their website visitors and customers, to re-assess what they do with that information and to consider how it is stored. Note that GDPR talks about ‘personal data’ rather than ‘Personally Identifiable Information’, and the term is broader than many people expect: online identifiers such as IP addresses and cookie IDs count, not just names and email addresses. Once you become accountable for all the personal data you collect, it’s time to decide exactly what information you needed in the first place. This is the data minimisation principle: collect only what is adequate, relevant and necessary for the purpose you have stated.
Contact forms are a great example of this. Of course you want to know who is making an enquiry and obtain a means of responding to their request, but do you need to know their home address, date of birth, relationship status or other personal information on this initial contact?
Much of this depends on your particular business or field of interest. Some enquiries will need to be ‘richer’ with the data they provide, allowing you to respond effectively. However, it might also be an opportunity to minimise the information you ask for during this first point of contact, creating an opportunity for you to engage on a more personal basis, initiating a dialogue with your potential new customer and building a rapport with them.
There’s also the question of all the data that is collected about website users, possibly without them realising it. This includes information that is captured, analysed and stored by services like Google Analytics, and the tracking of a site visitor’s movements and actions with cookies. Much of this may be for the benefit and overall improvement of the user’s experience on a website, but it is only fair that they understand what is happening in the background and why, as they surf around the web. Because these identifiers are personal data under GDPR, you need a lawful basis for collecting them and must be able to explain that basis in your privacy notice.
We are all no doubt aware of recent breaches in the security of many popular and prominent websites, which have resulted in personal information being leaked onto the web. Was it necessary for all this information to be held in the first place? How long should these websites have held on to it? What actions did they take to protect it? And how easy was it for users of those sites to request that their data be removed? GDPR addresses each of these questions: it limits how long data may be kept, requires security measures appropriate to the risk, gives individuals a right to erasure, and obliges organisations to notify the supervisory authority of a breach within 72 hours of becoming aware of it where the breach is likely to put people at risk.
How Can I Comply With GDPR?
So, whilst this may seem an upheaval for some, with more red tape getting in the way of conducting business on the web, there are genuine reasons why it is being implemented.
Website owners also need to identify who the data controller is. Under GDPR the controller is the organisation that decides why and how personal data is processed, so this is normally the business itself rather than an individual. A Data Protection Officer only has to be appointed in certain cases, for example public authorities or organisations whose core activities involve large-scale, regular monitoring of individuals. If you are a UK organisation and you store any personal data about clients, suppliers or others, you are generally required to register with the Information Commissioner’s Office – ICO – and pay a data protection fee; the fee tier depends on the size and turnover of the business, and some exemptions apply. You can do that here: https://ico.org.uk/for-organisations/register/
If you already have a website, you will need to contact your developers or the person who manages your website and ask them what action you need to take: typically a review of every form and third-party script that collects data, an updated privacy notice, and a way to honour access and erasure requests. You should also review your ‘offline’ practices in respect of any details you store about customers, suppliers and other contacts. Think about what action you take to protect any personal data, and what you can do to improve it.
Fines for failing to comply are very high – up to €20 million or 4% of annual worldwide turnover, whichever is greater, for the most serious infringements – so it’s time to accept the future of privacy on the web and implement a sensible plan for dealing with it.