GDPR puts additional requirements on those that run websites that collect personal data from any EU citizen.
I can help you make sense of how GDPR applies to your website and give you a plan to help you become compliant.
Why should you care about GDPR?
You’re a good human/company
Because GDPR is a good, human thing to be behind.
We should all respect people’s data and play nicely with it.
GDPR isn’t totally new. It builds on what you probably know as the Data Protection Act to give people power over their personal data.
That’s a good thing. For all of us.
You don’t really have a choice
Because if you run a website which collects personal data from an EU citizen, such as an email address, name or even just the fact that you logged their IP address, you have to.
It doesn’t matter what country you are in or if you aren’t a part of the European Union.
If you sell to, take information from, or log information about EU citizens' visits to your site, you need to comply.
The fines for non-compliance can be huge
Because if you don’t, you could be fined 20 million euros or 4% of your global turnover, whichever is larger.
The ICO (Information Commissioner’s Office) is now solely funded by income from fines and penalties.
Let’s not panic though. Unless you breach sensitive personal data, put someone at risk or are a large-scale and/or repeat offender, the risk may be small.
What’s it all about anyway?
I hear you. All the news items and noise on social media can be confusing. GDPR is a fantastic thing. I was skeptical at first, but the more I read about it, and the more audits I carried out for people, the more I embraced the idea behind it.
The reality is that if you have been in compliance with the Data Protection Act, the jump from that to GDPR isn’t that huge.
Let’s look at the key issues:
What is Personal Data?
Personal information can be anything which allows a person to be identified either directly or indirectly. For example:
- Identification number
- Email address
- IP address
- Phone number
What is Sensitive Personal Data?
Sensitive Personal Information for the purposes of GDPR is:
- political opinion
- religious beliefs
- medical records
- sexual orientation/status
- criminal records
What are EU citizens’ rights?
GDPR gives EU citizens the following rights:
- the right to be informed
- the right of access
- the right of rectification
- the right of erasure
- the right to restrict processing
- the right to data portability
- the right to object
- the right not to be subject to automated decision making/profiling
The deadline is coming fast. What can you do?
Paul Edwards is a Web Consultant & Front-End Developer in Worthing, West Sussex.
Paul can help you:
- Carry out an audit/privacy impact assessment on your website
- Generate a list of issues which need action
- Prioritise tasks in order of importance and impact
- Correct any issues in accordance with an agreed plan of action
- Provide ongoing website care
To discuss moving your website towards GDPR compliance call Paul on 01903 527927.
Website GDPR Compliance & Auditing - May 3, 2018