Is your website GDPR compliant for the new Data Privacy and security laws?

On 25th May 2018 the new EU data and privacy laws came into force. Your website needs to be compliant, or you run the risk of very heavy fines if you do not protect the privacy and security of your website visitors, especially those entering personal information into forms on your website.


Are you concerned about your website being GDPR compliant?

Time's up: the data law is now in force

 

Everyone is talking about it and some have been preparing for over a year, but the deadline has now passed: on 25th May 2018, the new General Data Protection Regulation (GDPR) laws came into effect to protect individuals' personal data. This new law affects the websites of all businesses, regardless of size, and some aspects of your company's marketing, and heavy penalties in the form of fines will be incurred for non-compliance.

To ensure you are compliant, there are some best-practice legalities that have to be enforced on your company's website and in your marketing processes. These best practices need to be implemented by everyone who has communications with individuals in the EU. The best approach is to make sure you are GDPR compliant, and to deal with the changes required as soon as possible.

We have put together a specific GDPR package to help small to medium-sized businesses get their websites compliant, and ensure that any future data collected is well within these best practices.

 

Your GDPR Privacy Policy

Creating a GDPR Privacy Policy for your business is a requirement, and the policy needs to demonstrate a framework based on this ICO checklist: https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/data-controllers/

What does this all mean for your business?

If you collect any person's data from your website, from outward marketing campaigns, or just generally from a face-to-face meeting, then you need to comply.

GDPR applies to data collected via Cookies on your website, email forms collecting details, or any action that requires an individual to give you their details. Not only this, you must get specific permission from the individual that they are happy to opt in, and they must also have the option to opt out. You cannot assume they are giving permission: they must tick a box or take some other form of action to say they agree to you receiving this information from them and that you will take care of it securely.

GDPR is in place to protect individuals whose details could be traced back through methods such as their computer’s IP address (commonly known on your website as Cookies).

Users should be informed that you are collecting their personal data and they MUST be able to easily opt-in and opt-out of this.

 

And there’s more...

 


Control and Notifications

All businesses that collect data from an EU Citizen will need to:

  • Protect all individuals' personal data with security such as encryption. Any of your platform providers also need to comply, so please check that they do. For instance, Google Analytics and Facebook are compliant and have produced their own documents.
  • Should you encounter a security data breach, you have to inform the authorities and your customers within 72 hours of it happening.
  • You have to obtain consent to process the data that you collect, in respect of what you do with it once you have it.
  • You must also keep detailed records of how you obtained the data. This can be in the form of a detailed spreadsheet, and sample downloads can be found on the ICO website.

Policies & Documentation

First and foremost, companies are required to produce viewable documents that provide enough evidence that they are compliant:

  • Be completely transparent about your data collecting.
  • Give an outline of how you collect the data and what you will do with it in terms of processing when you have it.
  • Define your data retention and deletion policies.

Make sure you have up-to-date Privacy Policies, Terms of Service, and your Datasheet records of collected data.

Employee Training & Responsibilities

The law requires that all businesses nominate an individual within the company or other office as Data Controller. This person will be designated as in charge of the company's data security and policies, and must ensure that all members of staff are trained and aware of what the GDPR law is about, and can show and communicate the information to other employees, customers, suppliers, etc.

 

We are not lawyers and recommend you seek your own independent legal advice.

Our information is only a brief outline of the full GDPR law and we recommend you visit the ICO website for more in-depth information HERE

But we can help get your website GDPR compliant, and put the necessary documents in place for you. Please get in touch for more information on how we can help you.

Get in touch now and get your business website GDPR compliant


Contact

Somerville Marketing Solutions

Sutton Coldfield, West Midlands

01213 552965

contact@somervillecommunications.com

 

 
