How GDPR affects your website

The data protection laws are changing, and businesses must ensure they adapt to the new regulation. GDPR stands for General Data Protection Regulation. If you have a website in Europe, or that people from a European country can access, you must be compliant. Failure to be compliant will lead to potentially larger fines than data protection in the UK has ever seen.

GDPR: What You Need To Know

This attempt to modernise the data protection regulation is long overdue. The last substantial data protection regulation has been in place since 1995. If we tell you the best selling mobile phone manufacturer in 1995 was Nokia, you’ll appreciate how much things have changed since then.

The new regulation doesn’t come into force until the 25 May 2018, but leaving it until closer to the time before finding out if it affects you could lead to a last minute panic. The new regulation comes with its own set of much harsher fines and penalties. Our current maximum penalty stands at £500,000. No company has ever received the maximum fine. When the new fine comes into play companies will have to pay up to 4% of their annual global turnover or €20 million (whichever is higher).

Personal data no longer just applies to people's physical identity details, but now the definition also includes your IP addresses and the identity of your mobile devices. In order to process an individual's data for any purpose companies are going to need specific consent, not simply a vague sentence in an unfathomably long terms and conditions document.

Users will now have more rights regarding the deletion and portability of their data. Data deletion is often referred to as  'the right to be forgotten'. Data portability means users will have the right to transfer their data to another controller.

A Modern Solution

It’s meant to be the start towards a unified global approach. The fact it’s a regulation rather then a directive means at least all members of the EU have to abide by it. If your business deals in very large quantities of personal data, or deals with particularly sensitive categories of information, you may be required to have your own Data Protection Officer. Under the new regulation the amount of time you have to report a data breach to the DPA is reduced to 72 hours from the time it is discovered.

Data protection can no longer be viewed as an aftermarket bolt-on. All designers must consider and incorporate data protection as a fundamental part of their design from day one. Despite all these very clear changes, GDPR is getting off to a rocky start. The current climate means some companies are struggling to finance the changes.

If you’re unsure where you stand regarding data protection contact us at Wysi. We are always happy to hear from you and with decades of experience and expertise under out belts, you know you’re getting a reliable and trustworthy service. We will soon be launching a guide for clients showing best practice for web forms and other Siteglide/website related elements. Keep an eye out for this or subscribe to our Newsletter if you're not already.