If this is your first introduction to GDPR, then you need to know that the GDPR applies to every area of your business, not just your website.
The subject is vast and far-reaching, and it deals with every way a business collects, stores, uses and deletes individuals' data. If you are based in Ireland, my advice is to visit the Irish Government's website on the subject once you have finished reading this article. It was set up specifically to deal with GDPR and what it means for business owners, and you can find it here: http://gdprandyou.ie
What GDPR Means For Website Owners
GDPR applies to every person or business that has a publicly accessible website, and quite simply there is no way around that. These regulations apply to everyone from the largest multinationals to the smallest sole traders: if you have a website, it needs to comply with GDPR.
In essence, the GDPR is there to protect the privacy of individuals, allowing them to:
- Ensure their data is collected through their consent, and only through their consent
- Easily ascertain and access what information a business holds about them
- Know how, and for what purpose, that information is being used
- Know how it is being stored and secured
- Exercise “the right to be forgotten”, in other words the ability to have all personal information that pertains to them deleted and destroyed (except under certain circumstances)
Every website collects information in one way or another, from the most basic cookies that allow a website to function to highly sophisticated data collection forms that capture the most in-depth details of individuals. The GDPR governs how website owners gather, store, use, share and delete the information that is captured, as well as what information is being gathered in the first place.
It is the responsibility of every website owner to make provisions to ensure that any data they gather on people who visit their website is collected in an open and transparent way, and that the person gives their consent to having their details gathered and stored. But it doesn’t stop there. A person must give consent for every way that you plan to use that data. For example, if a person gives consent for you to contact them for the purposes of answering a query or question, that consent does not extend to you then adding their details to a mailing list; for that you will need to obtain separate consent.
So What Do I Need to Do to Make My Website Compliant?
Well this is the €20 Million question… literally!
Failure to comply with GDPR can, in the most extreme cases, be met with fines of up to €20 Million or 4% of global annual turnover, so getting it badly wrong can get pretty expensive. But don’t panic just yet: there will be a process for dealing with non-compliance that will give you the opportunity to correct your procedures before fines are issued.
That said, it is always best to start off on the right foot. The European Commission has also built a simple website that gives a brief introduction for small businesses, which you can find here: Better Rules for Small Business.
Over the next short while, I will be writing some informative blog posts on five actions you can take to at least show that a determined effort has been made to make your site compliant. As I publish them I will make them available below, so be sure to keep checking back to see them, or better still, get links to them sent directly to your inbox by signing up to my mailing list.
Disclaimer: GDPR is a serious topic and can have financial and legal ramifications for business owners who do not correctly comply. As I am not a legal professional, I make no claim that this article or subsequent articles definitively cover everything that website owners should know. As such, I would highly recommend that you do further research on the topic and seek legal advice should you deem it necessary. You should not rely on the contents of this article as legal proof of anything, and I accept no responsibility or liability for its accuracy.