20/04/2018
This blog will cover everything you need to know about GDPR. If you need to get your website GDPR ready, then read our post!
Ah yes, the omen that’s been lingering over everyone’s heads for around a year. Within the next few weeks, GDPR will come into play. You may have heard when the deadline is. But you may not have. (it’s by May 25th). But, you may not know what it is or what it entails too. It was announced last year in 2017, that there would be new regulations in place to protect user’s data. Thus, GDPR came to be. It’s due to be implemented by 25th May (this date is important, so you’ll be reading it a lot…)
Your business and website must be GDPR compliant, otherwise you’ll be breaking the new regulatory standards set in place. In this post, we’ll get into what GDPR is, how to get yourself ready for it and everything around it too. Everything you need to know about GDPR, all in one place.
After freely giving away our personal data to companies and businesses in exchange for, *ahem* free services, Europe and the rest of the World have had enough. After 10 years or so of ticking the terms and conditions no one ever reads, and not being given the option to opt-in, GDPR is coming into effect to change that.
The world has spoken and said it’s time to treat users’ data more fairly. That means users’ data is going to have a lot more protection. The new regulatory standards will replace the UK’s Data Protection Act 1998.
It stands for General Data Protection Regulation.
It’s about making sure our data is used fairly by companies. We’ll now have to opt in for email alerts as well as providing data. Companies will have to inform us how the personal data we provide will be used, who will see it and who will use it – yes, we’ll know if our data is going to be sold to third party companies. For businesses and companies that don’t follow the rules? Some big fines.
Yes, it can be as much as €20million or 4% of global turn over – whichever is greater. Not only that, but businesses could face compensation charges and lawsuits against your company, as well as a potential loss in consumer faith in companies too – meaning more and more profit loss.
After years of having our data misused and handled unfairly by companies, the EU decided that it’s high time we protected our personal data better. With huge companies like Amazon, Facebook and Google – to name a few – using our personal data for god only knows what.
Yeah, we’re looking at you Zuckerberg following the ` scandal.
This is a prime example of how huge companies can misuse data we provide to them, so, it’s important that from a business owners perspective, you become GDPR compliant. You wouldn’t want you own data used and abused, so why do it to anyone else? Plus, think of all the fines and potential loss of earnings, that should make any business owner prepared to comply with the new regulations.
Enforcing GDPR protects users’ data and business owners from receiving hefty fines.
If you store customer data, then you are a data controller or processor – and, therefore, must be compliant with GDPR. GDPR pretty much applies to any company that stores a user’s data. It’s essential that all businesses be aware that a data breach can be severe for your company. If your users’ data is compromised, you could land yourself in hot water. Pay outs and fines to be exact.
But, what does GDPR mean to you.
Well, it means that the data you collect from users or customers, needs to comply with GDPR standards. The data you collect must be used lawfully, transparently and for a purpose. What this means is below:
Lawfully – Users must have consented that their data can be used, and of course, it must be used for legal purposes too. Data controllers must ensure that the user’s essential data is not misused; for example, to protect against fraud.
Transparently – The user must not only consent to their data being used but must be told how it will be used. Why you’re collecting their data, who will use the data and if it will be supplied to third party companies.
Purposefully – Finally, data collected must have a use. It cannot be held for the sake of being held. If companies collecting data have no legitimate reason for holding it, it must be deleted within a set time-frame.
If you’re collecting users’ data, you need to ensure you comply with GDPR standards by 25th May.
This is a fairly simplistic process, it may involve some updates to your website and T&Cs. Instead of the world renowned ‘opt out’ button, you’ll now have to supply an ‘opt in’ button. As well as outlining what you’ll be using the data for, who will be using etc. You must keep record of data and consent too, as you’ll have to permanently remove data when users opt out. Users can choose to have their data removed at any time, and this must be reflected as a clear option for your users.
All user’s will have the ‘right to be forgotten’ which means, businesses and companies must remove and erase all of a user’s stored data. GDPR also dictates that if the data is no longer being used for a relevant purpose, it must go. And it falls to data controllers to remove a user’s data properly.
Whilst a user can consent to their data being used, they can remove it at any time and you must remove it if it no longer has a purpose.
With GDPR coming into effect, it’s essential to understand which data is considered personal data. Under GDPR, personal data is considered to be:
Like we’ve said, it’s about making sure user’s data is treated more fairly. So, as a user, you have the right to remove all personal data stored by companies, at any time you wish. You must opt in to allow your data to be used. And as a company you must comply with GDPR standards – or else…
One of the biggest concerns for business owners surrounding GDPR is those that use third party sites to collect customer information. Yes, businesses that use Facebook, Google or even email marketing tools like MailChimp, are concerned over receiving a fine over GDPR. This is not the case.
See, the company you use must be compliant with GDPR, or, they’ll face the fine. The same goes if they encounter a data breach – they’ll be the one footing the bill. So, try not to panic too much. Companies like WordPress and other data services you may utilise for your business will all be compliant with the new regulatory standards – so fear not.
Users’ data on third party sites will be compliant with GDPR, as every company that stores EU users’ data, must be. So, no surprise fines in the post for other companies screw up.
So, if you’re looking to get your ready for GDPR, there’s some key information you’ll need to know. Well, it’s the information we’ve listed above, but to up our word count and make your life easier, we’re going to put it in big bold bullet points for you to read.
Yes, with any form or collection of user data, you’ll need to ensure that there is a clear opt in option for your users. You’ll need to update your website with a GDPR statement, as well as making sure you have a clear opt in option for users.
You need to be clear with what the data is being used for, who it’s going to and why it’s going to them etc. Remember, to make sure the data you collect is used lawfully, transparently and purposefully.
It’s imperative to remember that when someone wants out, they get out. You need to remove a user’s data when they say OR if the data is no longer being used with a purpose. Delete it!
Luckily, most big companies have sorted out their GDPR. So, any tools you use (like MailChimp) will already be compliant with the new regulations coming into play
Even though we are leaving the EU (eventually), the GDPR still applies to all UK businesses. So, please don’t use it as an excuse. Remember it’s about treating all user’s data fairly. Make sure your business is GDPR compliant.
If you need a hand in getting your business or website ready, we can assist you. For large scale companies, hiring a data protection officer is advisable. However, if you’re a smaller business, the Revive team can help you through anything you don’t understand or even get your website ready for GDPR.
Use our contact form to get in touch.