Changes to the rules around data – how to prepare your company and your website
7 August 2017
As you may be aware, from 25 May 2018 the new General Data Protection Regulation (GDPR) will apply, changing the way personal data is collected, stored and used.
If you have an online contact form, an order form or any type of feature on your website where customers input their personal information, this affects you.
The rules apply to organisations of all sizes and from all sectors; anyone that holds personal data will need to understand what the legislation requires and what it means for them.
What is set to change?
- The biggest change for most websites is around consent. Where you rely on consent to process personal data (for example to send marketing emails), it must be freely given, specific, informed and unambiguous, and you must be able to show how and when each individual gave it. A pre-ticked box or silence no longer counts; the individual must take a clear, affirmative action, and that needs to be demonstrable through an audit trail: the wording they saw, the form or page they used, and the date and time, including any relevant screen grabs or saved consent forms
- Individuals can withdraw their consent at any time, and withdrawing must be as easy as giving it. When they do, you must stop the processing that relied on that consent; together with the separate right to erasure, this can mean removing their personal data from your records altogether, as opposed to just taking them off a mailing list, unless you have another lawful reason to keep it, such as a legal retention requirement
- If there is a personal data breach, you must notify the supervisory authority (for a UK business, the ICO) within 72 hours of becoming aware of it unless the breach is unlikely to pose a risk to the individuals concerned, and you must tell the affected individuals without undue delay where the breach is likely to result in a high risk to them. The notification must describe the nature of the breach, its likely consequences, and the measures taken or proposed to address it and mitigate its effects
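The consent and withdrawal points above come down to two practical things on a website: the server must only treat an explicit, affirmative tick as consent, and you need a record that can later prove what a person agreed to, when, through which form, and whether they have since withdrawn. The following is an added example written for this post, not the site's own code; the purpose names, form field names, template ids and timestamps are assumptions constructed for the illustration.

```python
"""Demonstrable consent for a website form (added example, not the site's code).

Shows a server-side check that counts only an explicit tick as consent, and an
append-only consent log that can later prove what was agreed, when and how.
Purpose names, field names, form ids and timestamps are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional
import hashlib

# The exact wording shown beside each opt-in box, versioned so the log records
# what the person actually read. Constructed sample wording.
CONSENT_TEXTS = {
    ("newsletter", 1): "Yes, email me the monthly newsletter. I can unsubscribe at any time.",
    ("profiling", 1): "Yes, use my order history to tailor the offers shown to me.",
}


def text_fingerprint(text: str) -> str:
    """SHA-256 of the consent wording, so a later change to the text is detectable."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


@dataclass
class ConsentEvent:
    subject: str             # stable identifier for the person, e.g. an account id
    purpose: str
    action: str              # "given" or "withdrawn"
    at: datetime
    how: str                 # where it happened: form id and field, or unsubscribe link
    text_version: Optional[int] = None
    text_sha256: Optional[str] = None


class ConsentLog:
    """Append-only record. A withdrawal is a new event; the earlier 'given' event
    is kept because the audit trail must still show that consent existed at the
    time the data was used."""

    def __init__(self) -> None:
        self._events: List[ConsentEvent] = []

    def record_from_form(self, subject: str, form: Dict[str, str],
                         form_id: str, at: datetime) -> List[str]:
        """Record consent from a submitted HTML form, one event per ticked box.

        Browsers omit an unticked checkbox from the submission entirely, so a
        missing field means 'no'. Our (assumed) templates render each box
        unticked with value="yes"; only that exact value counts, so a submission
        that did not come from the template (e.g. the browser default "on") is
        not treated as consent. Returns the purposes consented to.
        """
        given = []
        for (purpose, version), text in CONSENT_TEXTS.items():
            field_name = f"{purpose}_optin"
            if form.get(field_name) == "yes":
                self._events.append(ConsentEvent(
                    subject, purpose, "given", at,
                    how=f"{form_id} field {field_name}",
                    text_version=version, text_sha256=text_fingerprint(text)))
                given.append(purpose)
        return given

    def withdraw(self, subject: str, purpose: str, at: datetime, how: str) -> None:
        self._events.append(ConsentEvent(subject, purpose, "withdrawn", at, how))

    def consent_in_force(self, subject: str, purpose: str, at: datetime) -> bool:
        """True if the latest event for this subject and purpose at or before
        `at` is a 'given'. Answers 'were we allowed to do this at that time?'."""
        state = False
        for e in sorted(self._events, key=lambda ev: ev.at):
            if e.subject == subject and e.purpose == purpose and e.at <= at:
                state = e.action == "given"
        return state

    def evidence(self, subject: str, purpose: str) -> List[ConsentEvent]:
        """Everything you could show a regulator or the person for one purpose."""
        return [e for e in self._events if e.subject == subject and e.purpose == purpose]


def demo() -> Dict[str, object]:
    """Walk through a sign-up, a bad submission and a later withdrawal."""
    log = ConsentLog()
    t0 = datetime(2018, 5, 25, 9, 0, tzinfo=timezone.utc)
    # Constructed submission: newsletter box ticked, profiling box left unticked
    # (so the browser sent no 'profiling_optin' field at all).
    given = log.record_from_form("subj-1", {"name": "Ann", "newsletter_optin": "yes"},
                                 "contact-us-v3", t0)
    # A submission carrying the browser default "on" did not come from our
    # template, so it is not recorded as consent.
    bogus = log.record_from_form("subj-2", {"newsletter_optin": "on"}, "contact-us-v3", t0)
    t1 = t0 + timedelta(days=30)
    log.withdraw("subj-1", "newsletter", t1, "unsubscribe link in email 2018-06-24")
    return {
        "given": given,
        "bogus": bogus,
        "newsletter_at_signup": log.consent_in_force("subj-1", "newsletter", t0),
        "profiling_at_signup": log.consent_in_force("subj-1", "profiling", t0),
        "newsletter_after_withdrawal": log.consent_in_force("subj-1", "newsletter", t1),
        "evidence_entries": len(log.evidence("subj-1", "newsletter")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of storing the wording's version and hash rather than just a flag is that consent only covers what the person actually read; if you reword the opt-in, existing records still show the old text and the newsletter purpose can be re-asked rather than silently carried over. In a real deployment the log would be written to durable storage under access control, and the subject identifier would be something you can pseudonymise, so that fulfilling an erasure request does not also destroy your evidence that consent once existed.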
In short, companies must know exactly what personal data they hold and where it is, across all devices, systems and software, and must have an incident response plan in place so that a breach can be contained, assessed and reported within the deadline.
What happens if I don’t comply?
For the most serious infringements, fines can be up to 4% of a company's total worldwide annual turnover or 20 million euros, whichever is higher; this higher tier covers breaches of the basic processing principles (including the conditions for valid consent), of individuals' rights, and of the rules on international transfers. A lower tier of up to 2% of turnover or 10 million euros applies to other obligations, such as security, breach notification and record-keeping. For many SMEs, even the lower tier could prove disastrous.
Who is responsible?
Everyone who has anything to do with the data. The organisation that decides why and how personal data is collected (the 'controller', normally the website owner) remains responsible, but under GDPR anyone processing data on its behalf (a 'processor', such as the hosting company, or the people in charge of website planning or data input) now has direct legal obligations of its own, and the controller and each processor must have a written contract setting out what the processor may do with the data. It is down to all these different parties to work together to ensure that the new regulations are being followed.
What should I be doing and when?
Given the scope of these new rules, preparation needs to start well in advance of the 25 May 2018 deadline. A full audit of the personal data you hold, where it came from and where it flows is recommended, so that your records are accurate and compliant, with new arrangements put in place for how data will be collected and stored going forward. For many companies this won't just mean a change in processes but a change in company culture; be prepared for confusion, resistance and mistakes, all of which are better made and put right in the next nine months than after the deadline, to ensure smooth sailing from there on.
The sooner you can get started on this the better. For our clients, we will be in touch to discuss how to make sure websites are 100% compliant, however if you are not already a client of ours, maybe it is time to give us a call and discuss moving over to a website provider who is able to make this happen for you.
If you are concerned or have any questions please give us a call on 01234 779 050 or email firstname.lastname@example.org.