GDPR, or the General Data Protection Regulation
Should you be worried about how GDPR will affect your website? Probably not for the average brochure-type website, because it's all about the data you collect and what you do with it.
I recently attended some training on the new GDPR rules courtesy of SESCA.
There are now plenty of online guides to help you through the details of GDPR and I'm certainly not going to replicate that here. The new rules come into force in May 2018.
There are some straightforward steps you can take, however:
Does your website have a contact form or any other form of data collection?
Even asking for a person's name and email address is data collection.
Register with ICO (The Information Commissioner's Office)
This is not expensive and, quite frankly, probably a lot cheaper than having to defend yourself if you thought you didn't need to register.
Ensure your website is on SSL
That's where your website address starts with HTTPS rather than HTTP. It will also show a green padlock next to the website address. This will be a requirement in the new rules. It's also worth noting that Google have threatened to display warnings on websites that gather data without being secure. So if your website is not HTTPS, then nab your web person and get it sorted.
Ask for consent
This principle is at the heart of the new rules. If you plan to use the details you have acquired for anything other than the bleedin' obvious, then ask. More to the point, ask on the same form where you collect the details, because you won't be allowed to email them afterwards to ask permission. You will need to ask specifically for each of the uses you plan for their details. To use the details to email them marketing messages, ask. If you plan to use them for research, ask. If you want to sell them on, ask. If you're going to invite them to your Facebook account, ask. You get the idea: a single consent box won't be enough in many cases.
Sending out emails
We all do it: send out an email CCing everyone involved. This will now be dangerous territory. You are in effect sharing all those email addresses with all the other recipients. Do you have permission to share their email address? Probably not specifically, so if in doubt use BCC, not CC.
And there is more of course
Nothing scary really and it is for all our benefit.
Cavespider, pointing you in the right direction
- Written by Crispin Jones