On May 25th 2018, the most significant piece of European data protection legislation to be introduced in 20 years will come into effect. The General Data Protection Regulation (GDPR) strengthens the rights that individuals have regarding their personal data and seeks to unify data protection laws across Europe.
If your organisation collects or stores any type of personal data, you will need to comply with GDPR. Failure to comply could result in a fine of up to €20m or 4% of your annual turnover. To avoid these ramifications, preparation is key.
We offer a comprehensive GDPR Website Audit service to ensure sites are compliant prior to the regulation’s effective date.
Does GDPR apply to me?
If you operate within the EU, and you handle and store personal data (this includes names, email addresses, telephone numbers, payment details and IP addresses), then you will have to comply. These regulations are going to apply across the board, irrespective of company size or sector.
The changes required will vary depending on the information you collect, how you collect it, who has access to the data and how you intend to use it or handle its long-term storage.
No exit despite Brexit
When GDPR comes into effect, the UK will still be a part of the European Union, and as such will adopt all EU legislation. During the transition period, EU laws will be rewritten in line with Britain’s new position, meaning that all UK organisations that collect personal data will have to comply with GDPR.
Does my website have to be compliant?
GDPR states that if a website collects, stores or uses data, site owners must tell users who they are, why they are collecting data, for how long and who receives it; get clear consent, let users access and export their data, inform users within 72 hours of a breach and let users erase their data.
Whilst not an exhaustive list, this will impact website plugins, privacy notices, cookie policies, forms, comments, Google Analytics tracking, e-commerce, user databases and newsletter lists.
What about Salesforce, MailChimp etc.?
These systems are classed as third-party data processors because they process data on your behalf. Most, but not all, of these systems are run by US companies who should be going through the process of becoming GDPR compliant, if they have not already done so.
These companies should also be Privacy Shield compliant. The Privacy Shield framework has been co-developed to provide mechanisms to protect the flow of personal data between the EU and the US.