The deadline for implementation of the new General Data Protection Regulation (GDPR) is May 25th, 2018. This is the largest ever legal change to the Internet, and it affects all websites and anyone that stores digital records of their customers' data – so basically everyone.
Since the terms of GDPR are quite extensive, in this article we will address the main gist and the important points as they relate to you, your business, and your website.
Does your website track cookies or have any forms collecting user information? Then this applies to you, and action is required to avoid being fined for not being GDPR compliant.
What is GDPR?
GDPR (General Data Protection Regulation) is new legislation which focuses on the way personal data of EU citizens is collected, stored, and distributed. This does not only affect businesses within the EU; it affects every business worldwide. Basically, if your website is accessible to those in the EU, then this applies to you.
The basic principles of GDPR are:
- Data Minimization (not collecting more data than is necessary or relevant)
- Integrity (ensuring that personal data is used for reasons consented to by the user and is not sold or provided to third parties)
- Confidentiality (using all possible security measures to ensure personal data is stored securely and cannot be inappropriately modified)
The GDPR introduces many rules that affect several areas of the data management process, including the collection and storage of data, monitoring of potential data breaches, and the users' authority to provide consent and manage their data.
With new regulations comes enforcement, and in order for companies to protect themselves against potential fines, it is important that they are protecting all collected personal data as effectively as they can.
Does this affect my website?
Whether you are a small business, a large online shop, a news outlet, or a blog, these regulations apply to any site that processes data from users visiting the website. This also applies to those that are not processing data themselves, but are utilizing third-party services for processing data.
To give you a better idea of who is impacted: if your website meets any of the following criteria, then you will need to make changes in order to make your website compliant. This is not a full list, but it should give you a general idea as to who is affected.
- Your site contains a registration form, newsletter signup form, general contact request form, or any other form.
- You are collecting/tracking visitor information, such as using Google Analytics.
- You have an e-commerce site that collects user information for online orders and purchases.
- Your website is integrated with social media accounts, bringing traffic to and from your website via social media.
- Your website allows commenting on articles or posts.
How can I make my website compliant?
This is all a bit overwhelming for everyone, and while each business might have unique circumstances, here is a list to get you started on what needs to be done.
- Obtain user consent on forms. Each form needs to include a checkbox confirming the user's consent to their data being collected and stored. You should also make sure that each form is clear on why you are collecting that data and how it will be used.
- Secure your site. Install an SSL/TLS certificate on your website and serve it over HTTPS to ensure that the transfer of data is secure. You know that green padlock that shows up in the address bar of your browser on some websites? That's what you need.
- Get your site up to date. If using a CMS, such as WordPress, be sure to complete all updates, including themes and plugins. Developers are updating their software to comply with GDPR, so you want to be sure to have the most up-to-date version installed.