By now you’ve certainly heard of the GDPR, the European Union’s (EU) General Data Protection Regulation.
The GDPR was adopted to protect the personal information of European users from unauthorised disclosure and misuse.
As such, the GDPR places very strict limits on where the data of EU citizens can be stored, how it can be used, how long it can be kept, and how it’s protected.
As you would expect, the GDPR applies to every business in Europe. If you violate the rules, the fines can be massive: up to £18 million or 4 percent of your global revenue, whichever is greater.
Now, with just over six weeks until the compliance deadline on 25th May, SO Marketing, a Staffordshire-based, award-winning marketing agency which specialises in web development, is urging companies across the region to remember their website as they prepare for GDPR.
According to managing director James Aberley, the GDPR is ‘the biggest shake-up in data protection to date’. He warns that a large part of the business community is still unaware of the steps needed to comply and may be left playing catch-up.
‘The ‘General Data Protection Regulation’ (GDPR) will come into force in May 2018. It introduces tougher fines for non-compliance and breaches, and gives you more say over what companies can do with your data,’ explains James.
‘Fundamentally, the GDPR rules aim to give control back when it comes to your personal data, by creating an EU-wide, consistent data protection regulation and, as an agency that deals with websites where data is collected, we’re now in the process of working with existing clients to ensure that their websites are compliant with the new legislation.’
‘Ultimately, have a battle plan. Prioritise your resources, prioritise support and prioritise what capabilities you need at what level of maturity to be able to get you in a position that you feel comfortable with by May 2018.’
To ensure that your website is GDPR ready, James recommends the following:
Take a personal data audit
‘A personal data audit will help you to identify all of your data processors,’ explains James. ‘For each data processor consider what you’re using the data for, where it’s being stored and ultimately, whether you still need the data.’
‘A large part of GDPR is about communication,’ says James. ‘Explain to your users why you’re collecting and using their data. Be clear and concise and offer the option for their details to be deleted if they wish.’
Employ or designate a Data Protection Officer
A Data Protection Officer will be responsible for monitoring internal compliance with the GDPR within your organisation. ‘Unless you’re carrying out large-scale processing of personal data, a suitably informed in-house member of staff should be perfectly sufficient for this role,’ adds James.
The GDPR may seem intimidating but it’s important to remember where it comes from. At its core, the GDPR is about protecting people from a myriad of risks across the internet. ‘The internet is still a highly unregulated space that needs far greater levels of international legislation; and the GDPR is a significant contributor to this.’