What is the GDPR?
The General Data Protection Regulation (GDPR) is a new European regulation designed to strengthen the existing data protection for all EU citizens and residents. If a business wants to provide products and services to EU citizens, it needs to show that it can protect their data.
Essentially, anyone who collects and processes the personal data of living individuals (referred to by the GDPR as a Data Controller) is required to comply with the new regulation, or face strict new fines. Such processing can include internal databases, mailing lists, websites, email and more.
The GDPR text can be found at https://gdpr-info.eu/, and the regulation comes into effect on 25th May 2018.
Consent is a big part of the GDPR: as a business, you must now show that you are doing everything you can to protect the personal information you collect. Explicit permission must be obtained before you collect the data; any deviation from this could lead to trouble later.
In addition to receiving consent to add the customer to your database, you must only use that information for the specific purposes you have stated. For instance, if you have stated that the information will be used to notify the user of new products, then you can only contact the person about new products, and not use it to try to sell them existing products.
Keeping the above in mind, you need to think about:
- What will the data be used for?
- Where will the data be stored?
- How long do you need the data?
Additionally, if you sign people up or collect information, there must also be a way for the user to remove their information from your databases. Within your website you should have an easily found page, or a link to information, explaining how the user's data can be removed.
A privacy policy now plays an important part of your website; if you don't have one, you should look at creating one and make it easy to find within your website.
The policy should state how the information will be collected, for how long and for what reasons. If your website links to third-party sites, you should also state whether the user's information will be passed to these sites.
The policy should also state which cookies you have on your website and what information they collect, which could include:
- IP addresses
- Computer information
- Name, email address, etc.
Additionally, you should state how long this information is kept.
Location of data
The GDPR protects the data of EU citizens, and that protection extends to where the information is located and stored. Under the GDPR you are only allowed to store personal data within the specified EU locations, or within countries whose data protection laws meet the agreed levels.
The ICO has more information about the storage and sending of personal data, which can be found here: https://ico.org.uk/for-organisations/guide-to-data-protection/principle-8-international/
We hope this post is informative for you and that you check to make sure you're doing everything you can to ensure your website is up to date with the impending GDPR.
TeraByte have several blog articles and services available to help you understand the new changes, which can be found at https://terabyteit.co.uk