
How to make your website ready for GDPR

19 May 2020, 12:55 CET

By 25 May 2018, the UK will be replacing the Data Protection Act 1998 and introducing the EU's General Data Protection Regulation (GDPR). But what exactly does this mean?

GDPR intends to give people more autonomy over how their data is stored by websites and organisations, and to introduce large penalties for business owners whose companies fail to comply, or who encounter data breaches, reaching up to a staggering £20 million euros (it was previously capped at £500,000). How can you make your website ready to comply with the new GDPR regulations? We explain how.

Add encryption

It is highly recommended that websites, and software such as payroll software, have additional encryption in order to be fully prepared for May's new regulations. All websites are encouraged to have an SSL certificate (so that the site address starts with https) to help reduce the threat of security attacks and data breaches.

There are other ways you can add protection to your website for extra security, for example storing customer data under specific IDs. Should a data breach occur, the exact name of the customer will remain unavailable to the hackers, as their data will be held under a specific ID.

Deleting customer information

Under the new regulations there will be much stricter enforcement when it comes to allowing customer data to be removed from a company's website. Websites will have to comply, and remove all personal information entirely from their systems, should a person request that they do so.
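The customer-ID approach and the deletion requirement described above, sketched in Python as an added example (not code from the original article). The class, method names and sample customers are constructed for illustration, and the in-memory structures stand in for two separately protected database tables.

```python
import json
import secrets


class CustomerStore:
    """Keeps who the customer is apart from what the customer did."""

    def __init__(self):
        self.identities = {}  # customer_id -> name/email; hold in a separately protected system
        self.orders = []      # activity rows carry the ID only, never a name or email

    def register(self, name, email):
        customer_id = secrets.token_hex(16)  # random, so it cannot be derived from the name
        self.identities[customer_id] = {"name": name, "email": email}
        return customer_id

    def add_order(self, customer_id, item, amount):
        if customer_id not in self.identities:
            raise KeyError("unknown customer id")
        self.orders.append({"customer_id": customer_id, "item": item, "amount": amount})

    def find_personal_data(self, rows):
        """Return any stored name or email that appears in rows (should be empty)."""
        text = json.dumps(rows).lower()
        return [value for record in self.identities.values()
                for value in record.values() if value.lower() in text]

    def erase(self, customer_id):
        """Deletion request: drop the identity record and every row under the ID."""
        removed = self.identities.pop(customer_id, None) is not None
        before = len(self.orders)
        self.orders = [row for row in self.orders if row["customer_id"] != customer_id]
        return removed, before - len(self.orders)


def demo():
    store = CustomerStore()
    alice = store.register("Alice Example", "alice@example.com")  # constructed sample data
    bob = store.register("Bob Example", "bob@example.com")
    store.add_order(alice, "payroll licence", 120)
    store.add_order(bob, "support plan", 40)
    store.add_order(alice, "support plan", 40)
    leaked = store.find_personal_data(store.orders)  # names found in the ID-only table
    erased = store.erase(alice)                      # Alice asks to be removed
    return leaked, erased, len(store.orders), alice in store.identities


if __name__ == "__main__":
    print(demo())
```

The split only helps if the identity table is stored and access-controlled separately from the activity data; a breach that exposes both restores the link between ID and name.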

Detailed privacy policy

It is vital for websites to have a comprehensive privacy policy in place prior to the implementation of the GDPR in May. The policy should detail exactly how long the website will be storing data for, and make it clear how users can request their data and who they can contact about it. Website owners can always refer to compliance consultants for a professional opinion.

Mailing lists

One important ruling that will be introduced as a result of GDPR is that there will be much bigger consequences for adding people to mailing lists without their permission. Whilst this has been the case under the Data Protection Act, the enforcement of this ruling has been very relaxed up to now.

This is why you may have started to receive emails from websites over the last few weeks asking if you still wanted to subscribe with them - it is in the run-up to GDPR. A large number of companies are concerned that this may affect the number of people they have on their databases and their client base.

Applications and submissions should be dealt with carefully

GDPR is going to introduce much greater transparency as to why websites and organisations are holding the personal data of users, and this means that websites will have to state this very clearly on their sites in order to remain compliant. For example, your website may need to state what personal information is being processed in a privacy policy, or address the issue directly on the homepage or on an online form.

Processes

Lastly, website owners and companies that operate online are advised to have some formal processes or procedures in place for how they treat customer data. Having a mindset and culture of protecting customer data and treating it carefully is essential to operating a successful website moving forward.
