One of the biggest changes in the way data is stored and managed is coming in May 2018: the General Data Protection Regulation, or GDPR for short. This new directive from the UK Government comes into force on 25th May 2018.
What is GDPR?
As a business, charity or organisation you are classed as a data controller. Your website possibly collects data from customers and visitors through online forms, shopping carts, contact forms or newsletter subscriptions. That data is then stored electronically, either on a computer or on a web server, and so is being processed either by staff or by third-party companies.
The data controller is the company that owns the data and makes all decisions on what should be done with it. The data processor is the system or resource that processes the personal data but has no interest in the data content.
All businesses, companies and organisations will have greater responsibility for the data that they obtain and store for legitimate reasons relating to their business area. The personal data must be obtained willingly, fairly and with consent. The data must be stored confidentially and kept up to date and accurate.
How will GDPR affect data that is captured?
With the new regulation coming into force in May 2018, all companies, businesses and organisations are required to provide their customers or visitors with at least some of the following:
- The name and contact details of the data controller
- The purposes and reasons for collecting the data
- The period for which the data will be stored
- Countries and organisations that the data will possibly be transferred to and the protection offered by the third party
- How the data will be destroyed once it is no longer required
- The source of the data if it hasn’t been collected from the customer or visitor
- Details of data entry points within your business
What can I do to comply with GDPR?
We are by no means experts on GDPR or on the exact laws and legislation surrounding it, and we are not legally in a position to tell clients the right or wrong way to proceed. If you are concerned, seeking legal advice is the best solution. We are, however, clued up: we have researched GDPR and data protection and attended seminars on them, so we can review and advise clients where necessary.
Can you provide a checklist to help my business with GDPR?
Yes, of course. We have put together the following checklist to help you get up to speed and ensure that you and your company or organisation are ready for GDPR. By 25th May 2018 you need to have started taking the initial steps towards being GDPR compliant:
- What personal data do you currently hold?
- How did you get that personal data?
- What do you do with that data?
- What security arrangements do you have around that data?
- How do you ensure that data is kept up to date?
- What arrangements do you make to ensure personal data is deleted when no longer required?
- What data do you give to third parties?
- If you buy in marketing information containing personal data, on what terms did you get the data and how do you use it?
To summarise GDPR: firstly, don’t panic. You are not going to get arrested overnight. But you need to ensure that the data you hold and process is handled confidentially and for good reason connected to your area of business. The data you use must have been captured fairly and honestly, and the recipients must be aware of this.
You can no longer auto-enrol customers and visitors into newsletters or send them marketing materials they haven’t requested. Customers are able to put in a subject access request, which means you must provide them with the information you store about them and the reason you store it.
For further help and advice please contact us.