On 25th May 2018, the GDPR (General Data Protection Regulation) enacted by the EU came into effect.
In a nutshell, GDPR gives a lot more control over their personal data to EU citizens while ensuring that anyone collecting or storing this data is doing so in a responsible and consistent manner. We’ve all seen the ubiquitous ‘cookie notice’ on websites, right? Well this is the same deal… with a personal bodyguard… on steroids… and armed to the teeth!
So who cares?
Well, if you have a website, you need to care! Big time, the potential fines are terrifying! (up to 4% of annual global turnover, up to a maximum of €20 million.) The gory details are here, but suffice to say, this needs to be taken pretty seriously! Supervisory authorities (SAs) will be set up in each member state to ensure compliance, so it’s not something to bury the head in the sand over.
OK, so what about my website?
If you have a website that collects user data in any way, shape or form, you need to be on it like Wallace & Gromit! This includes, but isn’t limited to:
- user registration
- comments/feedback forms
- contact form storage
- analytics and traffic logging (especially any that store IP addresses)
- other logging utilities/plugins
- security plugins
Under the new laws, users of your website have three fundamental rights:
1. Right to access
You must provide full transparency in how you’re capturing and collecting data. What data are you capturing? Why are you capturing it? Where are you storing and processing this data? You will also need to be able to provide users with a copy of their data, free of charge and within 40 days.
2. Right to be forgotten
You must give users an option to erase all personal data and withdraw their consent for you to collect further data.
3. Right to portability
You must allow users to access their personal data and if they wish, transmit to someone else.
OK, so what do I do now?
Well, you need to be aware of the key points of the new law and make sure your ducks are in a row. We suggest a good browse of the official EUGDPR website. For a more accessible read of the pertinent facts, our friends at the Contract Company have also published an excellent article on GDRP from an outside the EU perspective.
Then decide, do you really need to collect and store data? (for example, if you have a contact form on your site that stores messages and user data as well as sending email, is it really necessary?). If so:
- Find out the ways in which your site collects user data
- Put in place ways for users to control their data as above
How you go about doing this will vary hugely depending on the setup of your website. Start by talking to your developer, they should be able to assist you in getting ready for GDPR. If you have a popular open source driven website like WordPress, the process is likely to be a lot less mind-melting.
if you’ve been thinking about a website upgrade, now is a good time to get moving!
Obviously, we aint lawyers, so this isn’t and shouldn’t be taken as legal advice! However, you really shouldn’t ignore the new regulations. If you need legal advice, we recommend our friends over at MW Keller Solicitors in Waterford.
If you need help with your website, please don’t hesitate to contact us. Now more than ever, its pretty darn important that you keep your website up to date. Give us a call on 051 304 617 for a no-obligation chat any time.