GDPR Survival Guide
20th April 2018
We've received quite a few emails regarding the new General Data Protection Regulation (GDPR) coming into force on the 25th May and what it means for your business / website, so we thought it best to do a blog post about GDPR and what steps you can take to help you towards compliance.
Please note: this blog is not legal advice and should not be construed as such.
What is GDPR?
GDPR comes from a new EU directive to protect the privacy of Europeans' data; the laws apply to anyone involved in the collection, storage, or handling of that data.
GDPR requires us to protect both personal and sensitive data.
Personal data is any data that relates to an identifiable person, and sensitive data is anything that the EU judges to be more private than a name. Your ethnic origin, religion, sexual preferences, politics and criminal history are all considered sensitive data.
User rights under GDPR
- The right to be informed
- The right to access
- The right to correction
- The right to delete
- The right to limit processing
- The right to data portability
- The right to object
- The right not to be subjected to automated decision-making
Furthermore, if you're transferring data outside of the EU you must obtain explicit consent to do so from the user who owns the data. For international businesses it could therefore be wise to ask this permission of users when they sign up, if required.
It's important to understand that it is not the EU regulator's responsibility to prove your non-compliance. It is your legal duty to prove that you are compliant, and failing to do so is in itself non-compliance.
Practical steps we recommend now for your website
- Updating your contact forms to explicitly state when you're not storing user details
- Updating any forms to obtain consent for third-party contact and newsletter contact, where required
- Setting up a privacy page that explains how users' data is used by your organization
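As an added illustration of the consent step above (example code, not from Flaydemouse or the ICO), the following JavaScript shows one way a form handler could record consent separately for newsletter contact and third-party contact, store when and under which privacy-page version it was given, and later withdraw it. The field names (`consent_newsletter`, `consent_third_party_contact`, `privacy_policy_version`) and the record layout are assumptions; the checkboxes behind them should be unticked by default in the form markup, so that consent is only ever recorded when the user actively opted in.

```javascript
// Added example (not from the original post): recording explicit, per-purpose
// consent from a sign-up or contact form. Field names (consent_newsletter,
// consent_third_party_contact, privacy_policy_version) are assumptions.

// Each purpose gets its own opt-in; a single blanket "I agree" box does not
// show which kind of contact the user actually agreed to.
const CONSENT_PURPOSES = ["newsletter", "third_party_contact"];

// Build a consent record from the submitted fields of an HTML form. A browser
// only submits a checkbox that was ticked, so an absent field means "no";
// nothing here defaults to "yes" (the boxes must be unticked in the markup).
function buildConsentRecord(fields, now = new Date()) {
  const consent = {};
  for (const purpose of CONSENT_PURPOSES) {
    consent[purpose] = fields[`consent_${purpose}`] === "on";
  }
  const at = now.toISOString();
  return {
    email: fields.email,
    consent,
    // When, and under which privacy-page version, consent was given, so the
    // business can later show that it was obtained rather than assumed.
    recordedAt: at,
    privacyPolicyVersion: fields.privacy_policy_version || "unknown",
    history: [{ at, action: "recorded", consent: { ...consent } }],
  };
}

// Check this before any contact for the given purpose.
function mayContact(record, purpose) {
  return record.consent[purpose] === true;
}

// The right to object / withdraw consent: sets one purpose to false and
// appends an audit entry. Returns a new record instead of mutating the stored one.
function withdrawConsent(record, purpose, now = new Date()) {
  if (!CONSENT_PURPOSES.includes(purpose)) {
    throw new Error(`unknown consent purpose: ${purpose}`);
  }
  const consent = { ...record.consent, [purpose]: false };
  return {
    ...record,
    consent,
    history: [
      ...record.history,
      { at: now.toISOString(), action: `withdrew_${purpose}`, consent: { ...consent } },
    ],
  };
}

// Constructed sample submission: the user ticked only the newsletter box.
const sampleFields = {
  email: "visitor@example.com",
  consent_newsletter: "on",
  privacy_policy_version: "2018-05",
};

const sample = buildConsentRecord(sampleFields, new Date("2018-05-25T09:00:00Z"));
console.log(JSON.stringify(sample, null, 2));
console.log("may send newsletter:", mayContact(sample, "newsletter")); // true
console.log("may pass to third parties:", mayContact(sample, "third_party_contact")); // false
```

The `history` array is what you would point to if asked to demonstrate that consent was obtained: it records each change with its timestamp, and withdrawing consent adds an entry rather than erasing the earlier one.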
For additional information on what steps you should take as a business, please see the PDF below from the Information Commissioner's Office:
If you would like Flaydemouse to update any of your forms...
Please contact us with the various forms you require updating and what changes you would like to make to them, for example:
“I need to make changes to my contact & registration forms so that I can request & save the user selection for contact by third parties. I would also like you to create a privacy page with the supplied text.”