Data Privacy & GDPR – What You Need To Know

Data protection regulation and what it means for your business.

So, you are a business and you have a website. You are probably hearing a lot about data privacy and GDPR and wondering what it all means.

You are probably a bit worried how it impacts you and what you need to do about it. You have probably even gone to various government and EU websites to read up on it but were confounded by techie jargon and legal mumbo jumbo.

WebBuddy is here to help.

Let us break it down in simpler terms.

1. Does your business have a website?
2. Do you receive email submissions from a contact form?
3. Do users purchase anything on your website?
4. Do you collect email addresses for newsletter subscriptions?
5. Do you have Google Analytics installed on your website?

If you answer yes to any of these questions then you will need to read on.

What does GDPR stand for?
General Data Protection Regulation

Why is it in the news?
It’s a new (legal) directive for managing electronic data that all businesses will have to adhere to.

What kind of data?
Any information you collect from your website and other sources such as:
• Google Analytics
• your customer database [online and offline]
• email addresses captured for subscriptions through services such as MailChimp
• customer details and credit card numbers
• phone numbers, etc.

And what’s the law got to do with it?
You need to show that all data collected is managed securely and is used only for the purpose it was collected for. You will need to show that customers have given permission for any direct marketing. You will need to have clear policies in place for collecting, processing and storing personal electronic data, and to adhere to the Personal Privacy Rights of those whose information you have collected.

When does it come into effect?
25th May 2018

Is it a big deal?
In a nutshell, yes. The Data Protection Commissioner will have much broader powers (and heftier fines!) to hit non-compliant businesses with.

What do I need to do?
In order to inform and assist businesses, the Data Protection Commissioner has published a checklist to help prepare for full compliance, which can be viewed or downloaded from HERE.

The pertinent point in ensuring you are prepared is this snippet:

“Make an inventory of all personal data you hold and examine it under the following headings:
• Why are you holding it?
• How did you obtain it?
• Why was it originally gathered?
• How long will you retain it?
• How secure is it, both in terms of encryption and accessibility?
• Do you ever share it with third parties and on what basis might you do so?”

If you adequately answer those questions you are mostly there.

What’s the deal with Personal Privacy Rights?
Again, straight from the published handbook:

“Rights for individuals under the GDPR include:
• subject access
• to have inaccuracies corrected
• to have information erased
• to object to direct marketing
• to restrict the processing of their information, including automated decision-making
• data portability”

Most of it is straightforward enough, and most of you should have such mechanisms in place already (such as a published privacy policy, unsubscribe options on your newsletters, double opt-ins, etc.).

It can all seem a bit daunting, but most digital and web agencies should be set up to help you adhere to the regulations in plenty of time for next May.

If you are worried about any of the above, get in touch. WebBuddy would be happy to help.