The General Data Protection Regulation (GDPR) is Europe’s new data protection law that is coming into force on the 25th May.
WHO DOES THE GDPR APPLY TO?
‘Anyone who processes personal data of European citizens’.
Essentially, any global business that targets European customers/audiences.
If you are an SME and use platforms such as Shopify or WordPress to host your site, don’t fall into the trap of thinking they are the ones responsible for data compliance. They are not; you are.
Do you need more information? Contact us now for expert advice on making your website compliant before the law goes live on 25th May.
WHAT IS DATA AND WHAT CHECKS MUST BE IN PLACE TO USE IT?
Data is direct or indirect information on an individual by which they can be identified.
- Permission must be sought to use/store it
- Data must be stored securely and used responsibly
- Clear opt-out clauses must be in place should people wish to withdraw their permission
- Old data must be reviewed and securely erased if necessary
- At the customer’s request, all their data must be securely deleted, in its entirety, from the system
- No sharing data with third parties without consent, even inadvertently.
Should a breach be detected that may ‘result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage’, it must be reported to both the ICO (in the UK at least) and the data subject, within 72 hours.
There are devastating fines in place of up to €20 million or 4% of annual revenue, which could be fatal to most SMEs.
For more info follow this link to a twelve step procedural plan set out by the ICO.
Complete these self-assessments and explainers to determine whether your website and practices are compliant with the new laws.