GDPR – What does it mean in simple terms?
Who – Every company, large and small, will have to show themselves to be GDPR (General Data Protection Regulation) compliant and give people more control over their personal data.
What – There is a new set of EU rules coming into play which will mean that companies have to show themselves to be much more careful with personal data or risk fines.
Where – Every company in the EU and Ireland … and that means you will have to be compliant even if you trade with customers outside of the EU.
When – The rules actually kicked in 2 years ago but are becoming mandatory on 25th May 2018.
Why – These rules are coming into force to help/force companies into taking the management of customer data much more seriously. They will also give people more control over their own personal data and privacy. Ultimately it will mean a reduction in accidental or malicious data breaches.
Understand? Now here is the nitty gritty on how it affects your website.
Right To Access – If you have forms on your website, then before someone submits their information they must see a notice making them aware that the data will be stored by your company, probably in the form of an email.
Privacy By Design – This means that you should only keep data that is absolutely necessary, and check who within your company has access to the data and needs to use it.
Right To Be Forgotten – You will need to provide the user with an easy way to delete their personal data and stop any future collection of data from them, probably via an online consent form. You must be able to provide the user with a copy of their data within one month – free of charge.
Reporting Data Breaches – If your website experiences a data breach of any kind, your company will be required to notify all of your users within 3 days of you becoming aware of the breach. You will need a procedure to detect, report and investigate a breach if it occurs.
So as you can see … there is a lot to think about. If you would like us to assist you in making your website GDPR compliant then Get In Touch and we will let you know what changes we think you need to make.
Important – The changes and recommendations described above refer to your website only and do not cover additional changes your company will need to make in relation to data stored on company IT systems.
For further reading please visit the Government of Ireland's official GDPR website – www.gdprandyou.ie