Zeros and Ones with a Padlock and text " Are You GDPR Ready?"

Are You GDPR Ready?

What is GDPR?

From May 28th the new general data protection regulations (GDPR), Regulation (EU) 2016/679, come into effect. These will give individuals far greater control over their personal data, with the scope of what constitutes personal data greatly enhanced to include:

“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”

For businesses in or trading within the EU, this means much tighter controls need to be in place to ensure that the terms of the GDPR are not being breached. The full text of the regulations is available online from the GDPR Info website and is required reading for anyone who is responsible for data within a company of any size and all sole traders.

For small businesses, this may seem daunting, but there are a few simple things you can do.

7 Steps to Get Ready for GDPR

  1. Audit all the personal data you use or hold. This means information for customers, visitors to your website, newsletter or mailing list subscribers. This means data you hold or collect both on and offline.
  2. Publish a Privacy Policy on your site. This must be written in plain and readable language and clearly state what information you use and hold, why it is used, where it is held (if it is stored), and how individuals can request details about their personal data and also request its removal.
  3. Implement an Opt-In policy. For your website, this means you need to ask every visitor to your site whether they are happy with your Privacy Policy before they access the site and any information is transmitted.
    For any mailing list subscribers, you need to contact them asking them to confirm that they are accept your privacy policy and wish to continue their subscription.
    And any forms on your site need a consent button, so people know what information you will hold and an opt-in for any related mailing lists.
  4. Move your site from HTTP to HTTPS. This is vitally important if you run an online store or accept credit card details. It’s less of a priority for non-commercial sites but does give your visitors a level of reassurance and also has advantages for your site’s SEO.
  5. Update your Terms & Conditions. These must specify what data you hold, why, where, and how customers can find out about this. Communicate any changes to an existing policy to your customers.
  6. Document your Data Retention Policy. Know what you are storing where so that if someone asks what you are holding or asks for information to be deleted, you can easily find it and comply.
  7. Ensure all Personal Data you hold is stored securely. This means checking that any cloud storage you use is GDPR compliant (for example, Google Drive is not unless you have a My Business account), and any files that you keep in your home or on your laptop are secured, either with a physical key or with a digital one.

Now read part 2 in this series.

In this next post find out how to makes sure your website is GDPR ready by publishing your privacy policy and obtaining consent from new visitors.

Image credit: de Lange

Do you need help? Contact me now to arrange a personalised tech support or training session.

More Like This

Proton VPN: A Review

VPN software is typically used to create a secure channel between two points. Anyone who’s worked remotely (which is pretty much everyone in the last

Do you need someone to maintain your WordPress site?

Whether you’re looking for a monthly maintenance plan or occassional updates, we can help.