Get More Information Here:
What does GDPR mean for your website? Part One
by
Phillipa James
Does GDPR affect me?
The simple answer is yes. If you run a business or work in one you will hold some data on someone so it will apply to you the data in question is even applicable to your employees (or you as an employee).
GDPR cuts across lots of different areas of your operations, whether youre a big business or a SME, so you need to know more about it and get ahead of it as the consequences are pretty hairy if youre unfortunate enough to get reported and fined! If you want to know more about GDPR there are loads of resources online that cover the broader issues, including this helpful guide from our friends at nTrust Systems who look at the IT ramifications.
We are focussing on a far more specific element on this blog how GDPR affects your website.
How does GDPR affect my website?
Well the short answer is that we dont know yet, but we do know that it will. This blog is less about providing answers at this point (because we dont have them) and more about making you aware that there will be some thinking required to become compliant in the next six months. Weve tried to spell out some of the areas that will be linked directly to your website as this is the area that were most concerned by.
Enquiry Forms
The chances are that you have an enquiry form or two on your website capturing the data of potential customers. In many cases you may also have a gateway pop up form that captures data in return for a download or some free resources. These details then go into the back of your website database where they should be secure, but if your site is hacked, they become compromised. Equally if you have a number of people that have access to the content management system, they also have access to personal data from these forms which will at the very least require some sort of robust policy.
Privacy Policy
Every site should have a privacy policy which is the document or statement that sets out the way you gather and used data. Most sites use a free policy that is a bit of a catch all, and this is certainly something we provide for our clients. This is because a bespoke privacy policy written up by a lawyer for 1500 can be a bit of a stretch for many smaller companies often more expensive than the site itself! Were not sure that this template approach will cut the mustard in the new world and is something that you may need to budget for moving forward.
SEO, tracking and automation
SEO (search engine optimisation) is a key element in the approach that many businesses have to marketing these days, which include a vast array of activities and tools to reach, identify and market to potential customers. This might be advanced tracking through cookies or perhaps automated marketing which involves a database containing personal contact details. There are six lawful reasons that personal data can be held so you need to be sure youre holding it for a valid reason:
Contractual you have a contract with someone
Compliance you must record dealings with a person
Vital interest to record health information for a member, employee or guest
Public interest journalists investigation questionable dealings
Legitimate interest including competitor analysis
Consent required if none of the other five reasons apply
The days of buying databases for large scale automated and direct mail campaigns are over my friends.
Website passwords
You need to have a really solid policy in place to make sure that those who have access to your company website have a really robust password in place and that security of this password is compliant. Believe it or not we have heard about companies who have a sticker on each monitor with the website login details on for anyone to see and use even external people. Getting into the site means accessing a database of enquiry forms details and therefore a data breach, punishable by up to 4% or turnover or ’20 million.
There are also instances where on a shared drive there is an excel spreadsheet titled passwords and logons or something similar which make it easy for unauthorised individuals to get in, locate and access data that they shouldnt, which again is a breach.
Make sure passwords to anything which lead to more login information or personal data (like LastPass or 1Password)are really secure, including that of your own staff.
Website Security
Weve addressed some of the human concerns around website safety such as passwords, but having a technically secure website is also very important. You need to make sure that it is secure, using reputable and updated plugins, on a secure server along with some sort of security feature such as WP Cerber to help prevent access to the data stored within. One other consideration is to apply a SSL Certificate to your website to encrypt data flowing to and from the site.
Website backups
You absolutely need to make sure that you have a robust and credible website backup system in place. There are great many reasons for this, most of which are pretty obvious (like losing your site completely) but some backup regimes are not as robust as they need to be. A website generally is comprised of a series of site files and then a database. Some automated processes take a database backup but back it up to the website instead of a different server, which doesnt solve the issue and makes your data vulnerable. There is more information on website backups on a previous Square Daisy blog.
E-commerce
So with a standard website there is the likelihood that you have contact forms which will require some level of personal data, however with e-commerce sites there is a whole host of other personal data required to make a transaction happen. As such the policy and security of this along with the storage of customer details will really need to be examined and made secure and Dropbox is not the answer as it isnt compliant with UK requirements.
We genuinely had a meeting with a client that was taking credit card and personal details over the phone and when they processed them through the card machine they just threw them in the bin, which got thrown into the outside skip for anyone to take. Unbelievable.
How does GDPR affect websites
How does GDPR affect websites
So when will you have the answers?
A very good question and one that we hope to be able to answer soon. We have been attending lots of seminars (and we recommend you do too, there are lots of free ones out there usually hosted by local legal firms) and have started to gather information that we hope to put into a guide early in 2018 to send out to all of our customers and other interested parties, possibly in exchange for your name, company and e-mail address (dont worry well look after them!!!).
The idea of the blog was to make people aware of these changes and try and explain some of the issues that it will throw up for websites in particular, hence it being called part one. Please dont think that GDPR only affects websites, it affects a WHOLE lot more than that, were just focussing on our area of expertise and hope to shed far more light on it well before the day that we all need to be fully compliant when we will bring you part two of the blog.
Until then, why not look through the rest of our blog to find some other articles that concern safety, security, data and hosting and get ahead of the curve and well bring you more news when we have it.
Square Daisy is a professional web design company that specialises in buidling websites to help you show off what you do best. Our strengths lie in making sure we understand your business, combined with our creative skills. We translate your business message into a website that does so much more than just look good. Square Daisy’s inclusive and robust process enables you provide your input at every stage of the design process. We use new technology and clean code structure to deliver a fully optimisted website that helps your customers find you online and because we are a small agency, we are very cost effective for the level of expertise and quality of service that you will receive.
Article Source:
eArticlesOnline.com}