What even is GDPR?

You may be aware that the EU General Data Protection Regulation (GDPR) went into effect on 25th May 2018. While it was a buzzword at the time, and one that business owners across the EU were panicking about, it’s something we don’t hear about too much now. So, for those who may be just starting a business or expanding online for the first time, what actually is GDPR and why does it matter?

At its core, GDPR is about protecting the personal data of individuals. This covers a broad spectrum, from ensuring personal data is kept secure to ensuring that companies are not scraping as much information on you as possible and selling it to the highest bidder. GDPR gives you as a customer rights over what your data can and can’t be used for, and tells businesses how they should act. When thinking about website design, data protection is likely not the most important thing on your checklist, but it pays to give it the attention it needs to ensure you have the trust of your customers and to avoid exorbitant fines from the Information Commissioner’s Office. We’ll talk a little deeper about what you need to keep in mind to play by the rules, but first it’s worth talking about the elephant in the room…

EU and You

You might be thinking, “what’s the fuss, GDPR is an EU thing, and therefore not my problem”. Unfortunately, things in the data world are not quite that simple. While GDPR may have started as an EU-wide data protection initiative, we are still bound by it during the Brexit transition period and it runs parallel to the UK Data Protection Act 2018. Upon Brexit day itself, the 2018 Act will combine with the requirements of the EU’s GDPR to create a UK GDPR, so the current requirements will continue, no matter the Brexit deal reached.

Does it affect my website?

Yes. Any information you collect from your customers is data that must be kept securely and used for the correct purpose. That means that if people are sending enquiries, signing up for a newsletter or making a purchase, they are all, one way or another, sharing their data with you. We just have to make sure that your new website is prepared to play by the rules.

What do I need to do?

Firstly, your site needs a privacy policy. This is a document which will outline the data you collect, the reasons you will hold on to it and use the data, as well as informing visitors of the rights they have over their data. We have to think about where data would be coming from.

A contact form could be used to collect information so an enquiry can be responded to, or as part of a marketing campaign. Customers must be given the ability to opt in for their data to be stored for future uses like a mass campaign, rather than automatically being signed up and saved to a database when they interact with your website.

Any customer data that you do store must be saved in a secure environment, and should not be held on infrastructure outside the European Union. To avoid being hit with large fines, many American sites simply block all traffic from European countries, as their privacy policy and data protection system would not be good enough for GDPR requirements.

What can my customers do?

One of the trickier things to get your head round is that if a website visitor signs up for a newsletter and provides you with their email address and other details, the data provided remains the property of that customer. They may have provided you the information, and it’s stored on your web server, but it is still owned by the individual. Because of this, data can’t be sold on to another company, and customers have rights when it comes to their data. A customer could in theory request to find out what data you have about them and how it will be used, and can request that the data be deleted or sent to them. While it is very unlikely a customer will ever make such a request, just keep in mind that it’s something you would need to comply with.

A bit confused?

There’s a lot to think about when it comes to GDPR and data protection. Hopefully this post has given some guidance, but to find out more, pop on the reading glasses and have a look at gdpr.eu. When it comes to new website design, we do everything we can to take away the GDPR headache, so feel free to book in a call with our team to find out more about how we ensure your customers’ data is kept secure.