Never too late for GDPR!
GDPR – it’s not too late and is actually a good thing! The EU’s General Data Protection Regulation (GDPR) came into effect on 25th May 2018 and is the result of four years of work by the EU to bring data protection legislation into line with new, previously unforeseen ways in which data is now used. Although the deadline has passed, you can still take action to make sure you comply with the new legislation.
What you need to consider for your website:
Simply put, any organisation that handles or stores the personal data of people in the EU needs to adhere to the new rules, whether or not it is itself based in the EU. GDPR does not discriminate between business giants and small businesses. Furthermore, the penalties for not complying can be severe: a serious violation of GDPR can result in a fine of up to 4% of your company’s worldwide annual turnover or 20 million euros, whichever is higher.
GDPR Compliant Websites – the very basics
At a minimum, a website that collects personal data needs:
- An opt-in/opt-out procedure: consent must be freely given, specific, informed and unambiguous, and given by a positive action. It cannot be inferred from pre-ticked boxes, inactivity or continued browsing, and withdrawing consent must be as easy as giving it.
- A means for users to request their data: users have a right of access, and a request must be answered (normally within one month) with a copy of the personal data you hold about them.
- “Right to be Forgotten”: provide your users with a way to withdraw consent and have the personal data you have collected about them erased. The one caveat is data you are legally required to keep, such as invoice records for tax purposes; that is retained, but not used for anything else.
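The three basics above map onto a small amount of server-side logic. The following is an added example written for this post, not code from the original page or from any particular platform: a minimal consent ledger that only accepts an opt-in coming from an explicit user action, records what was agreed and against which policy version, and implements the access and erasure requests. The record shape, the purpose names, the user IDs (assumed to be pseudonymous account IDs) and the in-memory ledger object are all assumptions made for illustration.

```javascript
// Added example for this post, not code from the original page: a minimal consent
// ledger that only accepts opt-in from an explicit user action, and implements the
// access and erasure requests described above. The record shape, purpose names,
// user IDs and the "ledger" object are all assumptions made for illustration.

const POLICY_VERSION = '2018-05-25'; // version of the privacy notice shown (assumed)

// Only a positive action by the user counts. A pre-ticked box, a timed-out banner
// or continued browsing does not produce valid consent and is rejected below.
const VALID_SOURCES = new Set(['explicit_action']);

function createLedger() {
  return { consents: new Map(), personalData: new Map() };
}

// Opt-in: store what was agreed to, when, and against which policy version,
// so the site can later prove that consent was specific and informed.
function recordConsent(ledger, userId, purposes, source, now = Date.now()) {
  if (!VALID_SOURCES.has(source)) {
    throw new Error(`opt-in via "${source}" rejected: consent must be an explicit action`);
  }
  if (!Array.isArray(purposes) || purposes.length === 0) {
    throw new Error('consent must name at least one specific purpose');
  }
  const record = { userId, purposes: [...purposes], policyVersion: POLICY_VERSION,
                   grantedAt: now, withdrawnAt: null };
  ledger.consents.set(userId, record);
  return record;
}

// Check before doing anything that relies on consent (e.g. loading a marketing tag).
function hasConsent(ledger, userId, purpose) {
  const r = ledger.consents.get(userId);
  return r !== undefined && r.withdrawnAt === null && r.purposes.includes(purpose);
}

// Right of access: everything held about this user, as one object the site can hand over.
function exportUserData(ledger, userId) {
  return {
    consent: ledger.consents.get(userId) ?? null,
    personalData: ledger.personalData.get(userId) ?? null,
  };
}

// Opt-out / right to be forgotten: withdraw consent and purge the personal data.
// The consent record is kept (with withdrawnAt set) as evidence that the withdrawal
// was honoured; it holds only the (assumed pseudonymous) user ID, no personal details.
function eraseUser(ledger, userId, now = Date.now()) {
  const r = ledger.consents.get(userId);
  if (r !== undefined) r.withdrawnAt = now;
  const dataRemoved = ledger.personalData.delete(userId);
  return { userId, erasedAt: now, dataRemoved, consentWithdrawn: r !== undefined };
}

// Constructed sample run.
const ledger = createLedger();
ledger.personalData.set('u-42', { email: 'alice@example.com', newsletter: true });
recordConsent(ledger, 'u-42', ['analytics', 'marketing'], 'explicit_action');
console.log(hasConsent(ledger, 'u-42', 'marketing'));   // true
console.log(eraseUser(ledger, 'u-42').dataRemoved);     // true
console.log(hasConsent(ledger, 'u-42', 'marketing'));   // false
```

The point of rejecting anything other than `explicit_action` at the point of recording is that the proof of consent is only as good as the weakest path into the ledger; if a pre-ticked form can write a record, the record proves nothing.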
Online Payments & GDPR
Online stores need to collect and store personal data such as delivery details, contact information and order history.
Under GDPR’s storage limitation principle you must not keep personal data longer than you need it. Remove or anonymise it after a reasonable period, for example 60 days after delivery. The legislation does not specify a number of days and “reasonable” is open to debate, but as a general rule, if you don’t need it, don’t keep it. Where a legal obligation (for example tax law on invoices) forces you to keep an order record longer, keep only the fields that obligation requires and strip the rest.
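A retention period only works if something actually enforces it. The following is an added example written for this post, not code from the original page or from any shop platform: a scheduled purge that strips the customer’s personal fields from delivered orders once the retention window has passed, while keeping the order id, amount and dates that accounting still needs and leaving open orders and orders under a legal hold alone. The order shape, the status names, the `legalHold` flag and the constructed sample orders are assumptions made for illustration.

```javascript
// Added example for this post, not code from the original page: enforce a retention
// period on store orders by stripping the customer's personal fields once an order is
// delivered and the period has elapsed. The order shape, the 60-day window, the
// status names and the "legalHold" flag are assumptions made for illustration.

const RETENTION_DAYS = 60;
const DAY_MS = 24 * 60 * 60 * 1000;

// The fields that identify the customer and are no longer needed after delivery.
const PERSONAL_FIELDS = ['customerName', 'email', 'phone', 'deliveryAddress'];

// An order is expired only when it is finished and nothing else requires the data:
// open orders still need the address, and orders under a legal hold (dispute, audit)
// are kept until the hold is lifted.
function isExpired(order, now, retentionDays = RETENTION_DAYS) {
  if (order.status !== 'delivered' || order.legalHold === true) return false;
  if (typeof order.deliveredAt !== 'number') return false;
  return now - order.deliveredAt >= retentionDays * DAY_MS;
}

// Remove the personal fields but keep the order id, amount and dates, which accounting
// still needs and which on their own no longer identify a person. Returns a new object.
function stripPersonalData(order, now) {
  const kept = { ...order };
  for (const field of PERSONAL_FIELDS) delete kept[field];
  kept.personalDataRemovedAt = now;
  return kept;
}

// Run on a schedule (e.g. nightly). Idempotent: already-stripped orders are skipped.
function purgeExpired(orders, now, retentionDays = RETENTION_DAYS) {
  let purged = 0;
  const result = orders.map((order) => {
    if (order.personalDataRemovedAt !== undefined || !isExpired(order, now, retentionDays)) {
      return order;
    }
    purged += 1;
    return stripPersonalData(order, now);
  });
  return { orders: result, purged };
}

// Constructed sample data: a run on 1 August 2018 with a 60-day window.
const NOW = Date.parse('2018-08-01T00:00:00Z');
const sampleOrders = [
  { id: 1, status: 'delivered', deliveredAt: Date.parse('2018-05-01T00:00:00Z'),
    customerName: 'A. Example', email: 'a@example.com', deliveryAddress: '1 Main St', total: 19.99 },
  { id: 2, status: 'delivered', deliveredAt: Date.parse('2018-07-15T00:00:00Z'),
    customerName: 'B. Example', email: 'b@example.com', deliveryAddress: '2 Main St', total: 5.00 },
  { id: 3, status: 'shipped', deliveredAt: null,
    customerName: 'C. Example', email: 'c@example.com', deliveryAddress: '3 Main St', total: 42.00 },
  { id: 4, status: 'delivered', deliveredAt: Date.parse('2018-03-01T00:00:00Z'), legalHold: true,
    customerName: 'D. Example', email: 'd@example.com', deliveryAddress: '4 Main St', total: 7.50 },
];

const run = purgeExpired(sampleOrders, NOW);
console.log(run.purged);            // 1: only order 1 is delivered, over 60 days old and not on hold
console.log(run.orders[0].email);   // undefined
```

Recording `personalDataRemovedAt` on the stripped record is what makes the job safe to re-run and gives you an audit trail showing that the retention policy is actually being applied, which is the kind of evidence a regulator asks for.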
Google Analytics & GDPR
Google Analytics is used by most website owners to see how their website is performing, how it ranks and so on. It is often said that no “personal data” is collected, but that is not quite right: Google Analytics records the visitor’s IP address and sets cookies carrying a client identifier, and GDPR treats online identifiers of this kind as personal data. In practice this means you should enable IP anonymisation, never pass names, e-mail addresses or account IDs into page URLs or custom dimensions, say clearly in your privacy notice that analytics is in use and what it collects, and, where the cookie rules in your country require it, only load the analytics tag once the visitor has opted in.