The law is changing, It affects our business, and it will affect your business. It’s not just for the big corporations either….we all need to prepare!
The General Data Protection Regulation, or GDPR, was adopted by the European Parliament in April 2016 and will come into force on May 25, 2018. GDPR aims to harmonise data protection laws across the member states.
There are stiff penalties for non-compliance. Fines can go up to 4% of the annual turnover or 20 million Euros, whichever is higher.
What’s all the fuss about?
If your business uses email marketing, sends direct mail or makes sales calls, the law is changing what you can and can’t do.
Some things you might do today will no longer be allowed.
From 25th May 2018, General Data Protection Regulations – or GDPR – come into force. You’ll hear about this a lot. Because it’s a big deal.
It’s tempting to think “I’ll deal with it in May”.
The new GDPR law is complex and extensive, but there are some easy things you should do right now, to help you start to comply and will mean you won’t run into trouble later.
What data are you collecting?
You might be thinking, “I’m not collecting any data” but if If you use any tracking tools on your website, like Google Analytics, then yes you are.
People have the right to know what personal information you’re storing about them. And what you might do with that data.
The law applies to data which could be traced back to an individual. That even includes things like their computer’s IP address.
Did you let them say no?
You need to explicitly ask permission to send someone email marketing. They must opt-in.
Start getting consent now. Don’t wait for the deadline.
On your website contact forms, registration forms or check out pages, you will now have to include ‘tick boxes’ if you don’t already have them.
When did they say it was OK?
We know we have to ask people to opt-in. Is that enough? No. There’s more.
You need to record when they gave you permission. And you need to log exactly what they were shown when they opted in.
If you get an email notification when someone registers or checks out, that may be enough to comply. Provided you store the email securely and it clearly shows what the tick box said.
Stop marketing me!
People have the right to tell you to stop marketing to them, you must make it easy for them to opt-out of receiving future marketing.
Make sure marketing emails tell people how to unsubscribe. That could be saying ‘reply with “unsubscribe” in the subject’, or make it smarter, with a link to click.
The second and most important part is keeping a ‘do not contact’ list. Once someone has opted out, it’s critical you stop sending them emails, or you face stiff fines from the regulator.
Is your website secure?
You know the little padlock symbol you see in your browser bar? That shows whether a website is secure.
It technically means the website has an SSL certificate (Secure Sockets Layer).
If you’re websites has a contact form which allows you to collect personal data from your visitors, you absolutely must have an SSL certificate, this encrypts the transmission of the data.
In October 2017, Google implemented the second part of its plan to label any sites without an SSL certificate as non-secure, so even if your site only has a contact form, unless it has an SSL certificate, your visitors might get a nasty warning about the website not being secure.
Need more info?
Information Commissioner’s Of ce: www.ico.org.uk
These are the people holding the law and issuing fines. Download extensive guides and read their latest guidance.
Had a website built by Freelance Computers / Webxdesign?
Please note that we are not responsible for making your website compliant with this new law. We can, of course, assist you in helping to make your website comply.
Please contact us today to discuss what is required and any associated costs involved in making these changes.