How will GDPR affect your site ?
I’m sure that you are already aware that on 25th May 2018 the current Data Protection Directive 95/46/EC is being replaced by the General Data Protection Regulation (GDPR). This means the way we collect and process data is changing. Essentially your website needs to make it clear what data you are collecting a how it will be used. Here are some steps.Thanks to Splash News.
Below is a 5 step guide to help you be GDPR compliant.
1. No more pre-ticked boxes
For you to be able to collect and process users information, each user must given clear consent for you to process their personal data. This should be done as a OPT-IN method, for instance – users must be able to tick a box allow you to send them marketing material rather than that box being pre-ticked and the user is required to untick the box thereby making it an OPT-OUT option.
2. Separate consent
Wherever possible, users should be able choose which type of marketing they would like to receive.
3. Easy OPT-OUT
If you’re providing an easy Opt-In process, you must provide an equally easy Opt-Out option. Users must be able to withdraw their consent. This could be allowing users to unsubscribe from your Newsletter.
4. Watch those cookies
Cookies that identify an individualvia their device, it is considered personal data and must be treat as such. Implied is not consent – If your website uses cookies, you must obtain users permission.
5. Website Privacy
You will need to update your website’s Privacy Policy to include the new items under GDPR. You will need to make it clear how you will be collecting individuals’ data and what you will be doing with the data once you have received it.
In Summary
Replace your pre-ticked tick boxes with empty onces – remember clear consent is required. Give users more choice – Allow them to choose which type of marketing they would like to receive from you. Right to withdraw – Allow users to Opt-Out as easy as they can Opt-In. Declare your cookies – If your website uses cookies, you must give users the option to Opt-Out of using them. Website Privacy – Update your website privacy policy to come inline with the new GDPR.
GDPR is a complex regulation and extends far beyond your website.
If you are in any doubt about your obligations to GDPR – we would suggest you contact a legal office.
After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. Enforcement date: 25 May 2018 – at which time those organizations in non-compliance may face heavy fines.
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. The key articles of the GDPR, as well as information on its business impact, can be found throughout this site.
he European Union General Data Protection Regulation (GDPR) is a set of rules about how companies should process the personal data of data subjects. GDPR lays out responsibilities for organisations to ensure the privacy and protection of personal data, provides data subjects with certain rights, and assigns powers to regulators to ask for demonstrations of accountability or even impose fines in cases where an organisation is not complying with GDPR requirements. Understanding GDPR requirements can sometimes be a daunting task. So, let us understand the key GDPR requirements.
View the 10 requirements here to be GDPR compliant.
1) Lawful, fair and transparent processing
2) Limitation of purpose, data and storage
3) Data subject rights
4) Consent
5) Personal data breaches
6) Privacy by Design
7) Data Protection Impact Assessment
8) Data transfers
9) Data Protection Officer
10) Awareness and training