Our take on GDPR

by Laura Hunter & Claire Chappell

On 25th May 2018 the way a business handles personal data changes with the introduction of the General Data Protection Regulation, or GDPR. The rules give companies new responsibilities, and your customers new rights over how their personal data is collected, stored and used. A lot of our clients have been asking how these regulations affect their websites.

“We are not legal experts in the field of GDPR. If in doubt, work with a legally qualified professional or visit the Information Commissioner’s Office website at www.ICO.org.uk.”

We have been working on our own GDPR compliance over the past few weeks and are happy to share details of the work we have been doing. Please note, however, that implementing GDPR for your company is your responsibility, not ours.

What we can do is point you towards resources to help you get started.

“You are responsible for your own company’s GDPR compliance.”

Who does it affect?

GDPR affects all businesses, regardless of size, that collect and keep personal information. It covers not only electronic data held in databases and on computers, but also information held on paper as part of a filing system. This includes written-down customer details, an address book of clients, or documents kept in a filing cabinet.

How does this apply to my website?

If your website has a contact form, allows people to leave comments, has an online shop or accepts donations, you need to review your policies regarding the data you collect. If you run events and take people’s details for them, or have a newsletter sign-up option on your website, these need to be reviewed too.

What can you do?

Start by reviewing your current processes. Identify what personal data you hold, where it came from, how you use it and how long you keep it for. Delete any data you no longer need.

Make sure all your data handling policies are documented and reviewed regularly. Create a robust privacy policy that covers every route by which you collect data. Put a process in place for dealing with requests from people who want to know what data you hold on them; under GDPR you normally have one month to respond. Publish your privacy policy on your website so visitors can see how you handle their data.

Ensure all your systems, whether electronic or paper, are secure. Protect computers and online accounts with strong, unique passwords, keep software up to date, and keep paper documents under lock and key. If you gather any data through your website, serve the whole site over HTTPS (a TLS certificate, still commonly called “SSL”) so that everything sent to and from your site is encrypted in transit.
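As an added illustration of the HTTPS point above (this is example configuration written for this article, not something taken from the original page or from any client site), here is the weak setup that still serves a contact form over plain HTTP, beside the corrected one that redirects every request to HTTPS. It assumes an nginx web server, the hypothetical hostname example.com, and certificate files at the paths a Let’s Encrypt client typically uses; adjust all three to match your own site.

```nginx
# Weak: the site answers on plain HTTP, so a submitted contact form
# travels across the network unencrypted.
server {
    listen 80;
    server_name example.com www.example.com;   # hypothetical hostname
    root /var/www/example;
}

# Corrected: plain HTTP does nothing but redirect to HTTPS.
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

# All real content is served over TLS.
server {
    listen 443 ssl;
    server_name example.com www.example.com;
    root /var/www/example;

    # Certificate and key paths are assumptions; use wherever your CA places them.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Only modern protocol versions.
    ssl_protocols TLSv1.2 TLSv1.3;

    # HSTS: browsers remember to use HTTPS for this host for a year,
    # so a user typing the bare domain is never sent over plain HTTP again.
    add_header Strict-Transport-Security "max-age=31536000" always;
}
```

After reloading the server, check the redirect with `curl -I http://example.com`; you should see a `301` with a `Location:` header pointing at the `https://` address. Also check any forms or scripts on the site that post to a hard-coded `http://` address, since the redirect only covers requests that start on your server, and only add the HSTS header once you are sure the whole site works over HTTPS, because browsers will honour it for the full year.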

Review how you gather, record and manage consent from people to hold their personal data, and change your process if necessary. This is especially important if you undertake email marketing. People must actively opt in to you holding their details (a pre-ticked box does not count as consent), and they must have an easy way to opt out at any time.

The Disclaimer

Please be aware that this content is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to your organisation. Work with a legally qualified professional to determine how GDPR will affect you, and how best to ensure compliance.