How might GDPR impact your website activity?

How might GDPR impact your website activity?

Most of you know the new GDPR regulations come into force on May 25th 2018 this year. GDPR should be seen as an opportunity to build trust with your users and and improve brand presence.  

We must however remind you that large fines are possible for non compliance - €20 million or 4% of worldwide revenue.

Most of the new regulations relating to your website are already required under the general data protection regulation but there are some new requirements that relate to the data collection and storage that we have outlined below.

This impacts all EU and many non EU websites that collect personal data, and/or provide goods or services to EU citizens even if you haven’t got a physical presence in EU.

In order to help our customers to check they comply we have opened a Jira ticket which offers our customers the chance to have their site audited (if accepted) and to set up any necessary changes required to collecting/storing any personal data.

1. Audit - what personal data is being collected on your website? Are you using cookies that are affected by GDPR? This will take an hour or two to check most websites and we will work on a time and materials basis. A question often asked is what is “personal information”? Any personal data about an identifiable person who can be directly or indirectly be identified  - in particular by reference to their device, IP addresses, cookie identifiers, and GPS locations.

2. Consent Request - Implement a Consent Request procedure for all existing data collected and for all new personal data to be collected.   

All personal data requires a “consent request” that means that inactivity and pre-checked boxes are not consent. Practically you need to have a form that is easy to understand, concise, and specific.

This is very important and we expect most of our customers will have to change they way they collect data to be compliant. Pre-ticked boxes, opt-out boxes or default settings do not constitute a valid consent request!

3. Privacy Policy

All websites should have an up to date privacy policy that details how you gather, use, disclose, and manage a user’s personal data. This can be simple and easy to date. For example

 

4. Cookies and GDPR

When cookies can identify an individual via their device, it is considered personal data whether or not on its own or in conjunction with other information. The majority of cookies are subject to GDPR for example cookies for analytics, advertising and functional services, such as survey and chat tools. Google Analytics in some circumstances may also be subject to GDPR.

5. Processes to consider  - How will you as Data Controllers respond to a request to update and remove any personal information? A user has a right to reveal what information is held about them, what they have consented to, where it is being stored and to have this consent removed at any time.

Get in touch to see how we can help!

Supadu takes no responsibility for customer compliance with GDPR As data controllers you must take your own independent advice on the full implications of GDPR on your business

Other blog posts you might like to read: