With about a week to go till the enforcement of the General Data Protection Regulation (GDPR), business owners and web developers are in a flurry to ensure that they are all compliant with the new laws. Failure to comply may expose your business to fines and lawsuits, and of course no business or website owner wants to be in that position.
In an effort to help clear up the new regulation, we’ve summarized the important points to consider if you are a business or website owner so you can stay ahead of the regulation.
Consider these 5 items to decide if you should be concerned about the new regulations.
The GDPR was adopted by the European Parliament in April 2016 and imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. The GDPR applies no matter where you are located.
The regulation was adopted with the intent of providing users with transparency into what type of data is collected from them, as well as regulations on how that data can be collected, used, and managed.
If your business or website collects any personal information regarding your visitors, then you will likely need to be prepared to make some information security audits.
Businesses and website owners are required to comply with the following user’s rights according to the GDPR:
If you are geared up to give individuals their rights now, then the transition to the GDPR should be relatively easy. This is a good time to check your procedures and to work out how you would react if someone asks to have their personal data deleted, for example. Would your systems help you to locate and delete the data? Who will make the decisions about deletion?
If you are still scratching your head, trying to decide if you need to make updates to your website and data policies consider this: “Do I collect any of the following information from my visitors?”
To comply withe the GDPR, you will want to do an audit to determine exactly what data you collect. You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.
You should document what personal data you hold, where it came from and who you share it with. The GDPR requires you to maintain records of your processing activities. It updates rights for a networked world. For example, if you have inaccurate personal data and have shared this with another organisation, you will have to tell the other organisation about the inaccuracy so it cancorrect its own records.
You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation. When you collect personal data you currently have to give people certain information, such as your identity and how you intend to use their information. This is usually done through a privacy notice.
Persons have the right to request access to the data that you have collected, and can request that you destroy any records you may hold. You should update your procedures and plan how you will handle requests to take account of the new rules:
You should make sure you have the right procedures in place to detect, report and investigate a personal data breach. You should put procedures in place to effectively detect, report and investigate a personal data breach. You may wish to assess the types of personal data you hold and document where you would be required to notify the ICO or affected individuals if a breach occurred. Larger organisations will need to develop policies and procedures for managing data breaches. Failure to report a breach when required to do so could result in a fine, as well as a fine for the breach itself.
In the case of a data breach, or failure to comply with GDPR, companies can be fined up to 4% of annual global revenue, or €20 Million, whichever is more. This fine is not necessarily levied only after a breach. It could come from a failed audit. There is a lower tier penalty for lesser infractions that caps out at 2% and €10 Million, which could come as a result of simply failing to produce appropriate records for the enforcement authority.
So, does the GDPR affect you and your business? In short, yes it does. Remember that your website is likely accessible to anyone in the world. That’s where the old ‘WWW’ prefix comes from. It’s the WORLD WIDE WEB. It’s entirely likely that someone from the EU will access your website and potentially store data on your systems. Ignoring this regulation would be a mistake for any business or website owner.
Contact us and let us help you audit your website and data collection systems to determine the best course of action for your business.
You might also like:
© 2018 All rights reserved