What is GDPR and what does it mean for my website?
GDPR stands for General Data Protection Regulation, which is legislation enacted by the European Union (EU) that will go from proposed to enforceable on May 25, 2018.
The General Data Protection Regulation was created to strengthen the rights of EU citizens when it comes to the collection and use of their personal data.
GDPR lays out rules for collection, use, and storage of personal data. The regulation:
- Gives individuals eight specific rights regarding their personal data.
- Lays out principles for protecting user data, incorporating security by design and reporting data breaches.
- Specifies requirements for accountability, or your responsibility to demonstrate that you comply.
In a nutshell, you must abide by the individual rights, ensure that you are properly securing personal data and be able to document how you are doing so.
What is personal data?
Personal data is defined as any data that can be used to identify a living person, directly or indirectly. It includes things such as a name, photo, email address, personal bank or medical details, or a computer IP address.
From 25th May 2018, this new European law will make data collection through features such as contact forms and shopping carts on your website illegal without some crucial changes. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
When it comes to your website, there are a few things you need to consider:
- Before any data collection takes place, you must get the explicit consent of each user.
- Requests must use plain, easily understandable language, stand alone from other matters or requests, and not be buried in other text.
- Have a process for users to request access and view the data you have collected about them.
- Provide users a process to withdraw consent and purge personal data collected about them; i.e. the “Right to Be Forgotten”.
Let’s consider a basic contact form on your website. A key part of GDPR compliance is that you should request as little information as possible. You must be able to justify every field on your contact form, and before the user submits it you must clearly tell them what each piece of information will be used for and how it will be stored. The user must actively consent to this, usually by clicking a checkbox.
GDPR compliance and Cookies
Starting May 25, you will need affirmative consent from your users to use certain types of cookies.
What are cookies?
How do I make my website compliant?
The only way to determine if you need to take action is to audit your website against the requirements of GDPR.