What is GDPR? How Does It Affect Your Website?

The General Data Protection Regulation (or GDPR, as it is more commonly known) is being introduced to overhaul how businesses process and handle data.

Key Questions

  • When Do The New Regulations Begin? 25th May 2018
  • Who Will Be Enforcing It In The UK? The Information Commissioner’s Office
  • What Is Different? There are new rights for people to access the information companies hold about them, obligations for better data management for businesses, and a new regime of fines
  • Will GDPR Be Impacted By Brexit? The UK is implementing a new Data Protection Bill which includes all the provisions of the GDPR. There are some small changes but our own law will be largely the same.

GDPR and other data protection laws rely on the term ‘personal data’ to discuss information about individuals. There are two key types of personal data in the UK and they cover different categories of information.

What Is Personal Data?

Personal data can be anything that allows a living person to be directly or indirectly identified. This may be a name, an address, or even an IP address. It includes automated personal data and can also encompass pseudonymised data if a person can be identified from it.

What Is Sensitive Personal Data?

GDPR refers to sensitive personal data as being in ‘special categories’ of information. These include trade union membership, religious beliefs, political opinions, racial information, and sexual orientation.

Taking A Closer Look

We understand that this new regulation looks particularly complex and have written this article to help provide answers to some of the more commonly asked questions, starting with what is GDPR exactly?

Please Note – You can find all of the important information on the official website by clicking here.

What Actually Is GDPR?

After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. Enforcement date: 25 May 2018 – at which time those organizations in non-compliance may face heavy fines.

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy.

Who Does the GDPR Impact?

The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

What Are The Penalties For Non-Compliance?

Organisations can be fined up to 4% of annual global turnover or €20 Million for breaching GDPR. This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts.

There is a tiered approach to fines, e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach, or not conducting an impact assessment. It is important to note that these rules apply to both controllers and processors, meaning ‘clouds’ will not be exempt from GDPR enforcement.

What Is The Difference Between a Data Processor And a Data Controller?

A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.

The conditions for consent have been strengthened: companies will no longer be able to utilise long, illegible terms and conditions full of legalese. The request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent, meaning it must be unambiguous. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.

Explicit consent is required only for processing sensitive personal data – in this context, nothing short of “opt in” will suffice. However, for non-sensitive data, “unambiguous” consent will suffice.

What is the Difference Between a Regulation and a Directive?

A regulation is a binding legislative act. It must be applied in its entirety across the EU, while a directive is a legislative act that sets out a goal that all EU countries must achieve. However, it is up to the individual countries to decide how. It is important to note that the GDPR is a regulation, in contrast to the previous legislation, which is a directive.

Does My Business Need to Appoint a Data Protection Officer (DPO)?

DPOs must be appointed in the case of: (a) public authorities, (b) organisations that engage in large scale systematic monitoring, or (c) organisations that engage in large scale processing of sensitive personal data (Art. 37). If your organisation doesn’t fall into one of these categories, then you do not need to appoint a DPO.

A more in-depth analysis of the one-stop-shop policy debate can be found here.

By |May 1st, 2018|Security|

Are You Prepared For GDPR?

The upcoming GDPR (General Data Protection Regulation) will see the introduction of a new set of regulations relating to the storage and usage of personal data that organisations within the EU must adhere to. The deadline for compliance with GDPR is 25 May 2018.

Should You Be Concerned?

There can be little doubt that when you first start reading about GDPR, it can seem overwhelming. However, in reality, GDPR can be viewed as an extension of the existing Data Protection Act, which has been around for two decades, and if you are already in compliance with it, you are well on the way to compliance with GDPR already.

What Are The Main Changes?

GDPR is being implemented to regulate the way that companies obtain, store and process personal data. If you believe that this will affect you in any way, we’ll look below at some of the key areas that you need to address.

No. 1 – Understanding Your Requirements

The key first step towards achieving GDPR compliance is gaining an understanding of how the new regulations will impact your business. Only by learning which processes your organisation must put in place will you be able to understand the areas it will impact. Taking the required steps to ensure that all employees who collect and process personal information know about the GDPR and how it might affect their work is essential.

No. 2 – Taking Responsibility

Having someone in place who will be able to lead on data protection within your business is important. They will be able to oversee how your data is handled and work towards GDPR compliance as you move forward.

Please Note – There is no reason to employ someone from outside of your organisation to do this job.

No. 3 – Putting The New Processes In Place

It is very likely that you will find new processes will need to be put in place to ensure compliance, and below we have identified some of the key areas to focus on.

  • Current Data Audit: You must work through everything to see how you currently collect and process data to ensure that it complies with GDPR regulations. If not, you must take steps to correct this. (You may find some issues arise around whether the correct consent has been obtained to collect or use data.)
  • Making The Required Corrections: If you have not obtained the required consent to use or retain data, you must take steps to do so.
  • Future-proofing Your Process: It is important to ensure that you identify an accurate and compliant way to collect and use data covered by GDPR.
  • Ensure Transparency: It is important to ensure that you have everything documented so that should you receive any queries regarding the data you have stored (either from an individual or during an official audit), you can provide all of the relevant information.

Some Official Advice On GDPR Preparation

The good news is that the Information Commissioner’s Office, which will be regulating the GDPR in the UK, has produced a variety of documents designed to provide insight and information regarding all aspects of GDPR implementation.

To help guide you through the mountain of information, we have highlighted 3 of the documents that we believe help to shed some light on the key areas.

 

By |April 18th, 2018|Uncategorized|

The Number One Way To Build Trust About Your Website & Your Business

Finding a way to ensure that genuine customer reviews are left about your business on reputable 3rd party websites has never been more important. Affecting both your reputation and your Google rankings, customer reviews are now the ‘go to’ place for new customers looking for information before making a purchase.

Basically, there are 2 types of customer review: on-site reviews and 3rd party reviews.

  1. On-Site Reviews – These reviews are usually submitted directly to the business and will then be added to the website in the form of either ‘reviews’ or ‘testimonials’.
  2. 3rd Party Reviews – These reviews are typically left on 3rd party websites (which are not controlled by the business) including Trustpilot, Google + and Yelp. These may then be displayed via the business website.

Don’t Underestimate The Benefits Offered By Online Reviews

The addition of reviews to your website (both good and bad) will offer the chance to add regular unique content to your website. Not only this, reviews provide new customers with an idea of the type of experience they should expect to receive.

Making it as easy as possible to leave reviews is crucial if you want your customers to leave their views on your business.

Very few people will take the time to leave their thoughts without some sort of prompt. A clear guide on your website or an e-mail reminder will prove to be beneficial.

Should You Worry About Negative Reviews?

The main reason many businesses do not offer their customers the opportunity to leave reviews is concern about receiving bad ones!

However, the truth is that bad reviews are not necessarily a bad thing.

  • A poor review can actually prove to be useful in helping businesses identify any areas of weakness.
  • A large proportion of consumers have difficulty in believing that businesses with 100% positive reviews are completely genuine.
  • There are even some studies which suggest that the presence of the occasional negative review may actually be helpful!

What Should You Do If Someone Leaves You a Bad Review?

Contact Us

If you would like to speak to someone about gaining more reviews for your business, please contact Footprint Web Design on Tel. No. 01883 372488 today.

By |April 18th, 2018|Uncategorized|