What GDPR Means For Websites
Due to come into force on 25th May 2018, the GDPR will change the way companies operate. Officially known as the General Data Protection Regulations, the GDPR has been designed to protect the privacy rights of individuals, to increase web data protection and to consolidate data legislation across Europe.
Widely regarded as the biggest change to data law for over 20 years, the GDPR will affect businesses of all sizes. In fact, any company which handles, stores or processes the data of European citizens will need to abide by the new regulations.
The regulations will have a far-reaching effect on businesses and almost every business operation will need to consider the GDPR. There are, however, some key changes which will affect the way websites operate.
Does Your Website Need Updating?
The vast majority of websites will need to be updated to ensure they are compliant with the new rules. Currently, many companies use websites, online forms and mobile apps to collect data from their users. Under the GDPR, users will be required to give their consent before their data can be processed.
While businesses have previously relied on lengthy terms and conditions to explain their data processing methods, these will no longer be satisfactory under the GDPR. Instead, companies must state their data request in an ‘intelligible and easily accessible form’.
Furthermore, the data collected should only be used in relation to its collection method. If a user signs up to an online newsletter, for example, their data should not be extrapolated and added to other databases, even if they are owned by the same company.
Although you’ll still be able to offer online sign-ups and use data collection methods on your websites, you’ll need to change the way you do so in order to be compliant with the new legislation.
Is Your Data Accessible?
Once stored, it’s vital that you’re able to access your data easily and quickly. Under the GDPR, individuals will have the right to know whether you’re storing their data, where it’s being processed and why it’s being held. If a data subject makes a disclosure request, you’ll need to ensure you’re able to access this information from your existing database or CMS.
Individuals will also be able to request that their data is removed from your systems. Often referred to as ‘Data Erasure’, it’s essential that you can destroy data appropriately, without putting the individual’s privacy at risk.
Ensuring Your Website Complies With The GDPR
Although the GDPR is a complex piece of legislation, you can ensure compliance by making changes to your website. Online marketing activity is likely to change due to the new regulations and it’s crucial that you’re aware of what is acceptable under the new law and what isn’t.
At WYSI, we’re committed to providing GDPR-compliant websites, databases and customer management systems. To find out more about making your website compatible with the General Data Protection Regulations, contact us today.