GDPR comes into effect on May 25. You may be aware of the General Data Protection Regulation and how it relates to your business, but did you know that it also has consequences for your website? In order to avoid being in breach of data protection laws, you should take a few minutes to consider the new requirements and determine if you’re meeting them.
First of all, every website needs a Privacy Statement and this statement should address the items of particular concern outlined below.
You are obliged to outline the kind of data that you collect from website visitors. This could be contact information on the back of a website query or an online sale. It could include geolocation information related to a mobile device.
You need to describe how your site gets this data. This could include website forms or social media interactions (such as Likes, Shares, ReTweets etc.). If you’re using a third-party service such as Google Analytics for the purpose of tracking visitor traffic, this needs to be disclosed.
You’ll need to specify what you’re going to do with the data you’ve gathered. For example, you might be using voluntarily submitted data to process orders or reply to online queries. The retention of personal data may be necessary for the fulfillment of a contract. These instances fall under the category of “Legitimate Interest” and are permissible by law.
Separate from the Privacy Statement is the issue of data security. When a visitor transmits data to your website, this data should be encrypted. If it isn’t, the transmitted data is vulnerable to interception. How do you know if data from your clients is being encrypted? Go to your website and check the address bar: before the domain name, does it say http:// or https://? If it’s not https://, the connection to your site is not encrypted. There are also other considerations that you should be aware of when it comes to data encryption – see our article on SSL certificates.
After May 25, your site could be in breach of GDPR requirements. Contact BITS today via firstname.lastname@example.org or give us a call on 056 7786882 to determine what needs to be done to ensure your site is compliant.