What is GDPR?
You’ve probably been hearing and reading a lot lately about ‘GDPR’ – but what is it, and will it affect your business?
So what is GDPR?
GDPR stands for ‘General Data Protection Regulation’ and, to put it in simple terms, it affects your business if you match the following:
Your company website has forms which collect personal information (such as names, emails, phone numbers, IP addresses or pictures).
Your business is situated within the EU.
The visitors to your website who enter their information are EU citizens.
When does GDPR start?
The GDPR legislation will come into force on 25th May 2018.
What does GDPR require my company to do, and how can I make my website GDPR compliant?
From what we can see, there are 3 main requirements of GDPR, which we have listed below, each followed by a possible solution to make your website compliant:
Users need to give specific consent before your website can collect their information (and are required to be over 16 in order to do so) - but this information cannot just be contained within a terms and conditions page - it needs to be clearly visible and easy to understand.
Add a checkbox to any forms which store such data, clearly stating that the user consents to the website collecting the data on that form and that they are over the age of 16. The checkbox must be ticked before the form can be submitted.
Users must be easily able to request confirmation as to whether your company is processing data related to them, where this data is being processed, and what purpose this data is being used for. This information must then be provided to them in an electronic format, free of charge.
All pages of the website should have a clearly visible link that lets users request the above information. When clicked, this link goes to a separate form where the user enters their details; the form then sends a message to the website administrator requesting that any stored data on them be compiled into a report, which can then be emailed back to them in an electronic format.
Users must have the ability to have any information collected on them removed.
All pages of the website should have a clearly visible link that lets users request removal of any information the website has collected on them. When clicked, this link goes to a separate form where the user enters their details; the form then sends a message to the website administrator requesting that any stored data on them be deleted. The website administrator will then go into the website and delete any stored information on that user.