For anyone who runs a website in 2018 and beyond, new regulations coming in across the European Union could have a sizeable impact on your online performance. For example, the 2018 introduction of EU-wide General Data Protection Regulation (GDPR) has had a seismic impact on the world of data protection. What is it, though? And why should you pay attention to its development?
PLEASE ADD ATTACHED IMAGE HERE
As a website owner, it’s increasingly important that you get to understand what GDPR is – and why it matters to your long-term progress online.
What is GDPR?
As mentioned above, GDPR stands for General Data Protection Regulation. It came into play in May 2018, and is a form of extra-territorial laws that covers every EU member. However, it also covers nations outside of the 28 EU member states. Therefore, whether you are an EU webmaster or not, you need to understand what GDPR means for you.
Unlike other potentially incoming changes to web usage, though, GDPR is a thoroughly positive form of data protection progress. If your website gets information a citizen of the EU, then it MUST comply with GDPR. It’s that simple.
Transferring data outside of the EU just changed drastically, too. We recommend that you read through this excellent guide on what nations you can transfer EU data to without censor.
What does GDPR actually do?
In essence, it alters the way in which you can hold onto and then use information about those who visit your site. Today, there are some new terms which you need to get your head around. These include:
- EU citizens whose personal information you have collected – the Data Subject.
- The individual or group who owns said website – the Data Controller.
- The people who you provide access to that data from, such as website hosts, virtual assistants, website designers or anything similar – the Data Processor.
- The details held about someone that could identify them personally – the Personal Data.
As the Data Controller, it is your job to ensure that the Data Subject’ Personal Data is securely managed and only used by a Data Processor who has legitimate, authorised access to said data.
A failure to follow along with new GDPR rulings can be pretty severe, too. If you fail to comply when you should be, then you’ll be given a warning and some time to make the necessary changes. If you fail to make the changes in time, you’ll be given a reprimand and then potentially a suspension for using EU citizens’ data.
A failure to comply again could see you fined as high as 4% of your global annual turnover: a huge sum of money for some businesses.
What you need to know as a website owner about GDPR
While it might all sound pretty terrifying, if you are a small business with little to no EU traffic then GDPR may not impact you. If you deal with anyone from the EU, though, it’s very much worth your time to read below. As a website owner, then, you need to make sure that you follow the below key points about GDPR on-site:
- Consent is no longer implied when someone visits your website. Implicit content is still OK for non-personal details. However, ANY personal information must come with full, explicit acceptance from the individual.
- What does that mean? It means that you must have a checkbox that lets the user tick the box saying they agree to the terms. It has to be unchecked be default unlike before, though. You also need to now make it clear what the data is likely to be used for should permission be given.
- Should any data breach happen, all Data Subjects must be informed within a timeframe of 72-hours to comply. This means anything from a website hack or attack to unwittingly giving data access to a non-compliant nation, per the list we provided above.
- Users also have the right to leave your website and not have any information stored about them – you also need to delete that information if they request that you remove it. If someone signed up to you service and then left, they can ask that you remove the information and you must comply.
- You also have to give customers access to all of the data that you hold on them within a 20-day timeframe. So long as they can be verified as being the Data Subject, you must provide fully audited information on all the data that you hold on them.
Protecting your website from GDPR
You should look to take all the steps above to ensure that data is consensual, secured and only shared with the people mentioned above. While it might make analysis and marketing sound more challenging, it’s a worthwhile law change creating a safer, more customer-friendly world online.
If you are a website owner and believe any of this might apply to you, though, it pays to make adjustments now. As the May 2018 deadline has passed some months ago, the sooner you can make the changes the better. A failure to adhere to these new rulings is not a path worth heading down. As a website owner, you should protect yourself and your customers. Making the changes now will only help to make life easier for you and your staff as GDPR becomes commonplace.