Over the past weeks and months, you may have been hearing more and more about GDPR: the EU General Data Protection Regulation that becomes UK law on 25th May 2018. If you haven’t heard of it directly, you’re likely to have seen an increase in the number of emails from websites and companies asking you to review their updated terms and policies, or even to confirm that you still want to hear from them.

This is all down to the biggest impact that GDPR is having on websites: consent. Previously, under the existing Data Protection Act, consent for storing and using your personal data could be implied; it was assumed that because you were filling out an enquiry form, you were happy for the details you were providing to be kept and used appropriately (in theory, to process your enquiry).

However, we all know that a lot of companies didn’t take this responsibility seriously enough, and your information could easily end up in the hands of third parties trying to sell you things you don’t want, offer you services you don’t need, or plainly harass you (hello PPI!). So GDPR is making consent absolutely explicit: you have to confirm that you are happy for that company/website to hold your information, and in return they have to tell you why they’re going to hold it, where, for what purposes, and what you can do if you need to query, change or remove that information. You have the right “to be forgotten”.

So how does GDPR affect your company?

So far we’ve mainly looked at how this will affect members of the public, the kinds of people who will be using your website or who are potential customers of yours.

As a business owner, of any size, GDPR will affect you in ways far beyond the scope of your website. I’m not going to go into too much detail on that, but I’d suggest that some further reading (see below) may be useful, and if in any doubt please get specialist legal advice. We can’t offer you any guarantees, but we can use established best practice to help your website comply with a wider company policy.

Wait, there’s good news!

The good news is that if you’re already compliant with the DPA, you’re in a really good position. The amount of work required on your website may vary greatly from site to site, depending on the range of functionality you have and the number and type of places where you collect personal data. For a simple enquiry form, like the one on this website, you’d need to take the following things into consideration:

As you can see, there are a multitude of factors to consider, and it may seem like a potential minefield. Here at Saplings Web Design we’ve got experience in helping our clients comply with GDPR legislation, and have been doing so since the beginning of the year.

Please get in touch with us to discuss any questions you may have, and don’t forget to consent to us using your data to reply to you!

Tl;dr

GDPR will build on the existing DPA regulations to make a number of improvements, the biggest of which (for a website) is that consent now has to be explicit.

You’ll need to let your users know what data you’re holding, for how long, where it’s kept, and how it might be used. A great way to do this is to update your privacy policies. See ours for a starting point!

Further reading