Even after the UK leaves the EU, GDPR law will remain in force.
GDPR is coming, so you need to ensure your organisation is ready for the change, but despite its reputation, GDPR doesn’t need to be scary. In fact, GDPR will have benefits for people and organisations, and will ensure that everyone plays by the rules when it comes to looking after personal data.
One of the keys to GDPR compliance is preparation. By being adequately prepared you can significantly reduce the risk of any data breaches and, in the unlikely event of a data breach, you can demonstrate that you took reasonable steps to minimise the likelihood and impact of such an occurrence. GDPR won’t make data breaches disappear, but by maintaining GDPR compliance you will give yourself and your users peace of mind.
GDPR isn’t there to hurt your business or organisation; it’s there to protect you.
In addition to cookies, if you have a contact form, registration page or anything else where a user inputs personal information, you’ll need to take extra steps to keep this information secure. Before GDPR, it was permissible (though not best practice) to use a non-secure connection on your website, even if you had a contact form or registration page. With GDPR, if any pages on your website allow users to input personal information, you are required by law to secure the connection between your website and your users with an SSL certificate, i.e. to serve those pages over HTTPS rather than plain HTTP.
This isn’t limited to WordPress – virtually all content management systems (CMSs), such as Joomla or Drupal, will require a similar level of compliance, as will plain HTML websites that use any of the above features.
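A quick way to check the point above on your own pages is to audit every form for whether the data it collects would travel over an encrypted connection. The following is an added example (not code from Worcester Web Studio or from any CMS) that parses a page's HTML and flags forms served without TLS, or forms that post from an HTTPS page to an http:// action, which also exposes the submitted data. The sample HTML and the `example.invalid` hostnames are constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _FormCollector(HTMLParser):
    """Collect every <form> on the page and the field names it contains."""

    def __init__(self):
        super().__init__()
        self.forms = []        # list of {"action": str, "inputs": [names]}
        self._current = None   # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action", ""), "inputs": []}
            self.forms.append(self._current)
        elif tag in ("input", "textarea", "select") and self._current is not None:
            self._current["inputs"].append(a.get("name", ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_forms(page_url, html):
    """Return one finding per form whose submission would not be protected by TLS.

    Each finding is (field names, resolved action URL, reason). A form is flagged
    when the page itself is served over plain HTTP, or when its action resolves
    to an http:// URL even though the page was loaded over HTTPS."""
    parser = _FormCollector()
    parser.feed(html)
    page_scheme = urlparse(page_url).scheme
    findings = []
    for form in parser.forms:
        target = urljoin(page_url, form["action"])   # "" resolves to the page itself
        if page_scheme != "https":
            findings.append((form["inputs"], target, "page served without TLS"))
        elif urlparse(target).scheme != "https":
            findings.append((form["inputs"], target, "form posts without TLS"))
    return findings


# Constructed sample page: one relative form and one posting to a legacy HTTP host.
SAMPLE_HTML = """
<form action="/contact" method="post">
  <input name="email"><textarea name="message"></textarea>
</form>
<form action="http://legacy.example.invalid/signup" method="post">
  <input name="name"><input name="phone">
</form>
"""
```

Run `audit_forms("https://www.example.invalid/contact", SAMPLE_HTML)` to see only the second form flagged; with an `http://` page URL both forms are flagged because nothing on that page is encrypted.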
If you own or are responsible for a website, there are a few simple measures you can put in place to get yourself prepared.
The maximum fine for non-compliance is €20 million, or up to 4% of turnover, whichever is greater.
Having a GDPR compliant website is a great start, but you will also need to ensure the rest of your business operates within the GDPR rules. You can find out more information from the Information Commissioner’s Office (ICO) website, which contains a more in-depth look at the requirements for businesses and organisations in general. You will need to identify whether you are a Data Controller or a Data Processor.
You may also be both of these things. As a rough guide, a Data Controller is responsible for deciding what data to collect, and from whom. A Data Processor on the other hand is responsible for the use of this data and systems that are used to process it. If you’re not sure which applies to you, you can find more information on the ICO website. If in doubt, you can seek legal advice to confirm which areas of GDPR apply to you.
If you would like any further guidance on general GDPR compliance, please get in touch for more information.
Rather than feature two banners on your website, you can combine your cookie and privacy policies in one document, and feature this alongside a link to your Terms & Conditions document in a single banner. You can find more information about these documents here, and there is advice on installing an overlay banner here.
You can get in touch with us if you require any further information or have any questions on the above.
For best practice, your Data Protection Officer should not be a company director.
This website is owned and operated by Worcester Web Studio Ltd, an internet and web-specialist business based in Worcester. The information provided on this website is done so free of charge, and with no obligation. It should not be considered legal advice, and is simply a framework of guidance to help businesses and organisations get their website ready for GDPR.
GDPR advice for this website was provided by ISO Quality Services Ltd, a Worcester-based ISO certification and training business. As well as ISO 9001 and other popular standards, the company also provides ISO 27001 Information Security certification and GDPR Training.
If you would like further information from either of these companies please get in touch.